Saturday, 14 November 2015

Install Red Hat Satellite 6.1 on RHEL 7.1 with Internet Access

References

KVM Hardware

  •  3 cores of an i7 @2.9GHz
  • 10GB RAM (Red Hat recommends a minimum of 12, some play with as little as 8GB. 
  • 100GB Virt SCSI Disk ("/" root only file system layout)
Disk usage for RHEL 7 + Red Hat Satellite + following RHEL 7 Repositories = 32GB
I recommend starting with a 100GB disk if you intend to keep and use the Satellite instance.

Laptop Hardware

  • Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
  • 16GB RAM
  • 150GB SATA Disk @7200rpm ("/" root only file system layout)

 Installing Red Hat Satellite 6.1 (with Direct Internet Access)

Fix up the Product Subscriptions: 
(I did a crazy thing and re-used a RHEL 7 Workstation installation so I had to copy the file /etc/pki/product/69.pem from a RHEL 7 Server to the laptop/workstation, and remove the other "product" pem file for "Workstation. See Why does command 'subscription-manager list' return: "No Installed Products found" ?)
subscription-manager register
subscription-manager remove --all
subscription-manager list --available --all | sed -n '/^Subscription Name:   Red Hat Satellite$/,/^Pool ID:/ p'
subscription-manager subscribe --pool=<pool_id_Red_Hat_Satellite>
subscription-manager release --set=7Server

Disable any existing repositories:
subscription-manager repos --disable=*

Confirm all the repositories are disabled:
subscription-manager repos --list-enabled
Repositories to subscribe to for RHEL 7:
subscription-manager repos --enable rhel-7-server-extras-rpms --enable rhel-7-server-satellite-6.1-rpms --enable rhel-server-rhscl-7-rpms --enable rhel-7-server-rh-common-rpms --enable rhel-7-server-satellite-tools-6.1-rpms --enable rhel-7-server-rpms
Check the repositories listed are the *only* that were just subscribed:
yum repolist

Going to request that "java" is removed twice as it is a common source of installation failure!
yum remove java*
yum update

Enable external entities to connect to the following *optional* services on the Red Hat Satellite server:   DNS
firewall-cmd --permanent --add-port="53/udp" --add-port="53/tcp"

Enable external entities to connect to the following *optional* services on the Red Hat Satellite server:  DHCP
firewall-cmd --permanent --add-port="67/udp" --add-port="68/udp"

Enable external entities to connect to the following *optional* services on the Red Hat Satellite server:  TFTP
firewall-cmd --permanent --add-port="69/udp"

Enable external entities to connect to the following *optional* services on the Red Hat Satellite server:  Puppet Master
firewall-cmd --permanent --add-port="8140/tcp"

Enable external entities to connect to the following services on the Red Hat Satellite server:  HTTP, HTTPS, Katello Message Router
firewall-cmd --permanent --add-port="80/tcp" --add-port="443/tcp" --add-port="5647/tcp"

firewall-cmd --reload

The following reboot is optional but it is recommended following software updates and firewall rule changes.
systemctl reboot


yum remove java*  # Yes this is a repeat, making sure you did it!
Java will be installed as a dependency of the "katello" package.
yum install katello
Backup and edit /etc/katello-installer/answers.katello-installer.yaml
cp /etc/katello-installer/answers.katello-installer.yaml /etc/katello-installer/answers.katello-installer.yaml_$(date '+%y%m%d%H%M')

Change the values for "initial_organization" and "initial_location" to something meaningful to your installation in the file /etc/katello-installer/answers.katello-installer.yaml
...
  foreman:
...
    initial_organization: "Default Organization"
...
    initial_location: "Default Location"
...







For a "simple" installation of Red Hat Satellite without DNS, DHCP and TFTP run "katello-installer" without options or changes to the default answers file.  "katello-installer" can be re-run again to add any of those components at a later time.
katello-installer
Save the initial password for the admin user.

Secure "elasticsearch" to only be accessible by the users "foreman" and "root".
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -o lo -p tcp -m tcp --dport 9200 -j DROP && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 1 -o lo -p tcp -m tcp --dport 9200 -j DROP
firewall-cmd --reload

First Login

Log into the Red Hat Satellite URL and credentials provided by the instructions at the end of the "katello-installer" command. Save the admin user's password or set a new password via:
Admin User -> My Account -> User.  Enter the new password at the "Password" and "Verify" fields and then click the "Submit" button.

Load a Satellite Manifest

 Content -> Red Hat Subscriptions -> [Mange Manifest ->] Actions -> Upload New Manifest - Browse -> Upload

Initial Red Hat Content Sync

Content -> Red Hat Repositories -> RPMs -> Red Hat Enterprise Linux Server -> Red Hat Satellite Tools 6.1 (for RHEL 7 Server) (RPMS) -> Enabled (tick)

Content -> Sync Status -> Expand All -> Red Hat Satellite Tools 6.1 for RHEL 7 Server RPMs x86_64 (tick) -> Synchronize Now

Wait for it to download the content to make sure there are no issues with Satellite reaching back to Red Hat's Content Delivery Network.

Base RHEL Content Sync

Content -> Red Hat Repositories -> RPMs -> Red Hat Enterprise Linux Server -> Red Hat Enterprise Linux 7 Server (RPMS) -> Red Hat Enterprise Linux 7 Server RPMs X86_64 7Server -> Enabled (tick)
Consider enabling the repositories for:
  • Extras
  • Fastrack
  • Optional
  • Optional Fastrack
  • RH Common
  • Supplementary
 Content -> Sync Status -> Select All -> Synchronize Now

Configuration Note

There is no single path to follow to configure Satellite 6. Many of the resources depend on other resources but you define each single resource in turn.  For example an Organization has many Subnets and a Subnet can be associated with many Organizations.

It gets a lot more complicated than that. Some resources when you initially define them only show a few fields to complete. Afterwards when viewing that same resource you may find it has many tabs of configurable items.

Don't beat yourself up for not configuring in an optimum order.  There probably is not one. You will find as you configure Satellite you will have to revisit some resources to add additional configuration information. Satellite allows for this and it is just the nature of circular relationships.

Sanity Check

Before you can ever run katello-installer again, for example to add other modules such as dhcp and tftp, make sure the same fully qualified host name is returned by both commands:
facter fqdnhostname -f

It is my experience that an entry for the Satellite server needs to be added to /etc/hosts  for its primary NIC. Adding alias to the 127.0.0.1 entry does not cut it ;-)

Configure DHCP and TFTP

Backup and edit /etc/katello-installer/answers.katello-installer.yaml
...
    tftp: true
    tftp_syslinux_root:
    tftp_syslinux_files:
    tftp_root: /var/lib/tftpboot/
    tftp_dirs:
      - /var/lib/tftpboot/pxelinux.cfg
      - /var/lib/tftpboot/boot
    tftp_servername:
...
    dhcp: true
    dhcp_listen_on: https
    dhcp_option_domain:
      - spud.did.it
    dhcp_managed: true
    dhcp_interface: enp0s25
    dhcp_gateway: "192.168.1.1"
    dhcp_range: "192.168.1.100 192.168.1.239"
    dhcp_nameservers: "192.168.1.1"
    dhcp_vendor: isc
    dhcp_config: /etc/dhcp/dhcpd.conf
    dhcp_leases: /var/lib/dhcpd/dhcpd.leases
    dhcp_key_name: ""
    dhcp_key_secret: ""
...

Update Satellite 6 configuration:
katello-installer

Checks

cat /etc/dhcp/dhcpd.conf
systemctl status dhcpd
cat /etc/xinetd.d/tftp
find /var/lib/tftpboot/
systemctl status xinetd

Import Subnets

Infrastructure -> Capsules -> (drop down list for Satellite server) Import subnets
Fill in any missing details about the sub-net.

IPAM == IP Address Management

You can select one of three possible IPAM modes:
  • DHCP - will manage the IP on DHCP through assigned DHCP proxy, auto-suggested IPs come from DHCP
  • Internal DB - use internal DB to auto-suggest free IP based on other interfaces on same subnet respecting range if specified, useful mainly with static boot mode
  • None - leave IP management solely on user, no auto-suggestion

Finish Configuring the Subnet

Infrastructure ->Subnets -> (imported subnet name)

Domain Configuration

Satellite 6 considers a domain and a DNS zone as the same thing. That is, if you are planning to manage a site where all the machines are or the form hostname.somewhere.com then the domain is somewhere.com. This allows Satellite 6 to associate a puppet variable with a domain/site and automatically append this variable to all external node requests made by machines at that site.
The fullname field is used for human readability in reports and other pages that refer to domains, and also available as an external node parameter.

Configure a Compute Resource

Infrastructure -> Compute Resources -> New Compute Resource

Posted by at
Labels:

2 comments:

  1. jrgrant27 January 2016 at 10:16

    Your command under the "Sanity Check" heading should probably be:
    facter fqdn hostname

    With RHEL 7.2, there is no -f option for facter.

    ReplyDelete
    Replies
    1. Butch30 January 2016 at 05:44

      "make sure the same fully qualified host name is returned by *both* commands" (emphasis my own)

      I think he meant to add a line break because "facter fqdn" and "hostname -f" really should return the same value.

      facter fqdn
      hostname -f

      Delete

Subscribe to: Post Comments (Atom)