Satellite Server 6.4 is a wonderful product that will greatly assist in the management and deployment of servers within your environment. In this
Red Hat Satellite is a system management solution that enables you to deploy, configure, and maintain your systems across physical, virtual, and cloud environments. Satellite provides provisioning, remote management and monitoring of multiple Red Hat Enterprise Linux deployments with a single, centralized tool. Red Hat Satellite Server synchronizes the content from Red Hat Customer Portal, and provides functionality including fine-grained life cycle management, user and group role-based access control, integrated subscription management, as well as advanced GUI, CLI, and API access.
Red Hat Satellite Installation Guide
Pre-installation steps
This article will cover how to install Satellite 6.4, which at the time of this article is the latest version available. You will want to install Satellite on a fresh Red Hat Enterprise Linux Server 7.6 installation. Satellite 6.4 should be installed on a @base installation of RHEL without extra packages and GUI environments. I
Server Requirements for Satellite 6.4
- 64-bit architecture
- The latest version of Red Hat Enterprise Linux 7 Server
- 4-core 2.0 GHz CPU at a minimum
- A minimum of 20 GB memory is required for the Satellite Server to function. In addition, a minimum of 4 GB of swap space is also recommended. Satellite running with less memory than the minimum value might not operate correctly.
- A unique
host name , which can contain lower-case letters, numbers, dots (.) and hyphens (-) - A current Red Hat Satellite subscription
- Administrative user (root) access
- A system
umask of 0022 - Full forward and reverse DNS resolution using a fully-qualified domain name
Storage Guidelines for Satellite 6.4
| Directory | Installation Size | Runtime Size |
|---|---|---|
| /var/cache/pulp/ | 1 MB | 20 GB |
| /var/lib/pulp/ | 1 MB | 500 GB |
| /var/lib/mongodb/ | 3.5 GB | 50 GB |
| /var/lib/qpidd/ | 25 MB | Not Applicable |
| /var/log/ | 10 MB | 250 MB |
| /var/lib/pgsql/ | 100 MB | 10 GB |
| /var/spool/squid/ | 0 MB | 10 GB |
| /usr | 3 GB | Not Applicable |
| /opt | 500 MB | Not Applicable |
| /opt/puppetlabs | 180 MB | Not Applicable |
For the
Red Hat Installation Guide/var/lib/pulp/and/var/lib/mongodb/directories, use high-bandwidth, low-latency storage, and solid state drives (SSD) rather than hard disk drives (HDD). As Red Hat Satellite has many operations that are I/O intensive, using high latency, low-bandwidth storage causes performance degradation. Ensure your installation has a speed in the range 60 – 80 Megabytes per second. You can use thefiotool to get this data. See the Red Hat Knowledgebase solution Impact of Disk Speed on Satellite 6 Operations for more information on using thefiotool.
Lab based Satellite 6.4 installations
These, of course, are best practices for a production based Satellite Server. If you are building a Satellite Server in a lab for testing purposes you can scale back quite a bit with little impact on the overall performance. For instance, the disk partitioning can just all be a single partition on standard drives in the / root partition. Just make sure you have about 200 to 300 GB’s of free space to accommodate the repositories you will be syncing later on.
With the CPU and memory requirements, you can get by with 2 cores and 12 GB’s of RAM as you will usually just have a few content hosts you are testing with, and thus not have a large load on the Satellite server.
Preparing RHEL 7 for Satellite 6.4
First we need to register RHEL and attach a Satellite Subscription.
[root@sat64 ~]# subscription-manager register [root@sat64 ~]# subscription-manager list --available [root@sat64 ~]# subscription-manager attach --pool <pool-id>
We verify that the proper subscription is attached next.
[root@sat64 ~]# subscription-manager list --consumed
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Red Hat Satellite Employee Subscription
Provides: Red Hat Beta
Red Hat Satellite
Red Hat Satellite with Embedded Oracle
Red Hat Satellite 5 Managed DB
Red Hat Satellite Proxy
Red Hat Satellite - Extended Life Cycle Support
Red Hat Satellite 5 Managed DB - Extended Life Cycle Support
Red Hat Satellite Proxy - Extended Life Cycle Support
Red Hat Software Collections (for RHEL Server)
Red Hat Satellite 6 Beta
Red Hat Satellite Capsule
Red Hat Software Collections Beta (for RHEL Server)
Red Hat Enterprise Linux High Availability for x86_64
Red Hat Ansible Engine
Red Hat Enterprise Linux Load Balancer (for RHEL Server)
Red Hat Enterprise Linux Server
SKU: SER0232US
Contract: 10790391
Account: ******
Serial: ********************
Pool ID: *********************************
Provides Management: Yes
Active: True
Quantity Used: 1
Service Level: Self-Support
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Standard
Starts: 09/28/2015
Ends: 12/31/2021
System Type: Physical
[root@sat64 ~]#
Next, it is best to disable all repositories that are not used with Satellite 6.4 specifically. This removes any issues with conflicting repositories that may be updated or overwrite the Satellite repositories. It also removes the probability of any conflicts within the system. You want to also ensure you do not add third-party repositories such as EPEL on your Satellite Server 6.4.
[root@sat64 ~]# subscription-manager repos --disable "*" [root@sat64 ~]# subscription-manager repos --enable=rhel-7-server-rpms \ > --enable=rhel-server-rhscl-7-rpms \ > --enable=rhel-7-server-satellite-6.4-rpms \ > --enable=rhel-7-server-satellite-maintenance-6-rpms \ > --enable=rhel-7-server-ansible-2.6-rpms Repository 'rhel-7-server-rpms' is enabled for this system. Repository 'rhel-7-server-satellite-maintenance-6-rpms' is enabled for this system. Repository 'rhel-7-server-satellite-6.4-rpms' is enabled for this system. Repository 'rhel-7-server-ansible-2.6-rpms' is enabled for this system. Repository 'rhel-server-rhscl-7-rpms' is enabled for this system. [root@sat64 ~]#
Then we want to make sure RHEL is not locked to a specific version of RHEL 7.x, so it can be updated when required.
[root@sat64 ~]# subscription-manager release --unset Release preference has been unset [root@sat64 ~]#
Running yum update on RHEL 7
Our final steps
[root@sat64 ~]# yum clean all Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager Cleaning repos: rhel-7-server-ansible-2.6-rpms rhel-7-server-rpms rhel-7-server-satellite-6.4-rpms rhel-7-server-satellite-maintenance-6-rpms rhel-server-rhscl-7-rpms Cleaning up everything Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos [root@sat64 ~]# [root@sat64 ~]# yum repolist enabled Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager rhel-7-server-ansible-2.6-rpms | 4.0 kB 00:00:00 rhel-7-server-rpms | 3.4 kB 00:00:00 rhel-7-server-satellite-6.4-rpms | 4.0 kB 00:00:00 rhel-7-server-satellite-maintenance-6-rpms | 3.8 kB 00:00:00 rhel-server-rhscl-7-rpms | 3.4 kB 00:00:00 (1/15): rhel-7-server-ansible-2.6-rpms/x86_64/group | 124 B 00:00:00 (2/15): rhel-7-server-ansible-2.6-rpms/x86_64/updateinfo | 13 kB 00:00:00 (3/15): rhel-7-server-ansible-2.6-rpms/x86_64/primary_db | 18 kB 00:00:00 (4/15): rhel-7-server-rpms/7Server/x86_64/group | 774 kB 00:00:01 (5/15): rhel-7-server-rpms/7Server/x86_64/updateinfo | 3.0 MB 00:00:01 (6/15): rhel-7-server-satellite-6.4-rpms/x86_64/group | 4.7 kB 00:00:00 (7/15): rhel-7-server-satellite-6.4-rpms/x86_64/updateinfo | 40 kB 00:00:00 (8/15): rhel-7-server-satellite-6.4-rpms/x86_64/primary_db | 226 kB 00:00:00 (9/15): rhel-7-server-satellite-maintenance-6-rpms/x86_64/updateinfo | 8.1 kB 00:00:00 (10/15): rhel-7-server-satellite-maintenance-6-rpms/x86_64/group | 104 B 00:00:00 (11/15): rhel-7-server-satellite-maintenance-6-rpms/x86_64/primary_db | 15 kB 00:00:00 (12/15): rhel-server-rhscl-7-rpms/7Server/x86_64/group | 124 B 00:00:00 (13/15): rhel-server-rhscl-7-rpms/7Server/x86_64/updateinfo | 944 kB 00:00:00 (14/15): rhel-server-rhscl-7-rpms/7Server/x86_64/primary_db | 5.2 MB 00:00:02 (15/15): rhel-7-server-rpms/7Server/x86_64/primary_db | 54 MB 00:00:14 repo id repo name status rhel-7-server-ansible-2.6-rpms/x86_64 Red Hat Ansible Engine 2.6 RPMs for Red Hat Enterprise Linux 7 Server 21 rhel-7-server-rpms/7Server/x86_64 Red Hat Enterprise Linux 7 Server (RPMs) 23,947 rhel-7-server-satellite-6.4-rpms/x86_64 Red Hat Satellite 6.4 (for RHEL 7 Server) (RPMs) 446 rhel-7-server-satellite-maintenance-6-rpms/x86_64 Red Hat Satellite Maintenance 6 (for RHEL 7 Server) (RPMs) 26 rhel-server-rhscl-7-rpms/7Server/x86_64 Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server 10,971 repolist: 35,411 [root@sat64 ~]# [root@sat64 ~]# yum update Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager Resolving Dependencies --> Running transaction check .... Transaction Summary ====================================================================================================================================================================== Install 1 Package (+7 Dependent packages) Upgrade 257 Packages Total download size: 285 M Is this ok [y/d/N]: [root@sat64 ~]# yum install satellite Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager Resolving Dependencies --> Running transaction check ---> Package satellite.noarch 0:6.4.2.2-1.el7sat will be installed --> Processing Dependency: foreman >= 1.18.0 for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: katello >= 3.7.0 for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-ec2 for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-gce for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-libvirt for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-openstack for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-ovirt for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-rackspace for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: foreman-vmware for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: mod_passenger for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: pulp-maintenance for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: puppet-foreman_scap_client for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: satellite-cli for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: satellite-common for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_ansible) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_bootdisk) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_discovery) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_docker) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_hooks) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_remote_execution) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_templates) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_theme_satellite) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(foreman_virt_who_configure) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem(redhat_access) for package: satellite-6.4.2.2-1.el7sat.noarch --> Processing Dependency: tfm-rubygem-passenger-native for package: satellite-6.4.2.2-1.el7sat.noarch --> Running transaction check ---> Package foreman.noarch 0:1.18.0.40-1.el7sat will be installed .... xml-commons-apis noarch 1.4.01-16.el7 rhel-7-server-rpms 227 k xml-commons-resolver noarch 1.2-15.el7 rhel-7-server-rpms 108 k xorg-x11-font-utils x86_64 1:7.5-21.el7 rhel-7-server-rpms 104 k xorg-x11-fonts-Type1 noarch 7.5-9.el7 rhel-7-server-rpms 521 k Transaction Summary ====================================================================================================================================================================== Install 1 Package (+556 Dependent packages) Total download size: 373 M Installed size: 1.4 G Is this ok [y/d/N]: y ... tomcat.noarch 0:7.0.76-9.el7_6 tomcat-el-2.2-api.noarch 0:7.0.76-9.el7_6 tomcat-jsp-2.2-api.noarch 0:7.0.76-9.el7_6 tomcat-lib.noarch 0:7.0.76-9.el7_6 tomcat-servlet-3.0-api.noarch 0:7.0.76-9.el7_6 trousers.x86_64 0:0.3.14-2.el7 ttmkfdir.x86_64 0:3.0.9-42.el7 tzdata-java.noarch 0:2019a-1.el7 xalan-j2.noarch 0:2.7.1-23.el7 xerces-j2.noarch 0:2.11.0-17.el7_0 xml-commons-apis.noarch 0:1.4.01-16.el7 xml-commons-resolver.noarch 0:1.2-15.el7 xorg-x11-font-utils.x86_64 1:7.5-21.el7 xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 Complete! [root@sat64 ~]#
Time Sync with chronyd
If the kernel was updated, you should reboot before proceeding at this point.
# yum install chronyd # systemctl start chronyd # systemctl enable chronyd # yum install sos
Installation of Satellite 6.4
The next step in the installation process is running the Satellite 6.4 installation scripts.
[root@sat64 ~]# satellite-installer --scenario satellite \
> --foreman-initial-organization "ACME" \
> --foreman-initial-location "Denver" \
> --foreman-admin-username admin \
> --foreman-admin-password redhat
Resetting puppet server version param...
Installing Done [100%] [...................................................................................]
Success!
* Satellite is running at https://sat64.home.therootuser.com
Initial credentials are admin / redhat
* To install an additional Capsule on separate machine continue by running:
capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"
* To upgrade an existing 6.3 Capsule to 6.4:
Please see official documentation for steps and parameters to use when upgrading a 6.3 Capsule to 6.4.
The full log is at /var/log/foreman-installer/satellite.log
yum install -y -q rh-mongodb34-syspaths finished successfully!
[root@sat64 ~]#
Configuring Firewalld for Satellite 6.4
Before we can connect to the GUI, or have content hosts communicate with the Satellite server we must open a number of firewall ports on the Satellite server first.
[root@sat64 ~]# firewall-cmd --permanent --add-service=RH-Satellite-6 success [root@sat64 ~]# firewall-cmd --permanent --add-port 53/tcp success [root@sat64 ~]# firewall-cmd --permanent --add-port 53/udp success [root@sat64 ~]# firewall-cmd --permanent --add-port 67/udp success [root@sat64 ~]# firewall-cmd --permanent --add-port 68/udp success [root@sat64 ~]# firewall-cmd --permanent --add-port 69/udp success [root@sat64 ~]# firewall-cmd --reload success [root@sat64 ~]#
Lauching the Satellite 6.4 GUI
Finally, once all tasks are completed, and the firewall rules are in place we can log in to the GUI and begin the next phase of the installation.
What is next?
The next article in this series will cover how to configure Satellite 6.4, such as attaching a subscription manifest, synchronizing repositories, and setting up networking in preparation for provisioning. Later articles will also cover building a Capsule server within AWS with secure communication between the Capsule server and the Satellite server. Also, we will cover how to provision a server into AWS with a Satellite / Capsule setup.
If you need to upgrade your Satellite server from 6.4 to 6.5 or 6.6 check out this article.
If you have any questions about this process, please feel free to reach out to me.
Hello,
Can I follow the same the procedure on VMWARE using a test cluster with the same hardware requirement.
Yes, as long as your virtual machine in VCenter has the required specs for a Satellite server. You can use any virtual system, such as KVM, RHEV, VCenter to run Satellite on. I’ve only used VCenter, KVM, and Physical to do so myself thus far.
Cheers,
Ivan
Thank you Ivan,
Our organization has a restriction of connecting to the internet. So the instruction can be used in our environment without exposing production Linux server to the internet ?
Yes, most companies work the same way. The hosts do not have internet access. Many times Satellite is allowed to have Internet access and pulls the repositories down from Red Hat, then if you have capsule servers that content is synced to the capsule servers. From there the hosts in the network connect either directly to Satellite, or the capsule servers in their subnet / data center. Therefore the hosts do not end up needing Internet connectivity to update.