RH403 - ch06

Bookmark this page

Guided Exercise: Install a Satellite Capsule Server

Install a Capsule Server by preparing the repositories, Satellite certificate, and an activation key, and by choosing the configuration in the installation program.

Outcomes

Prepare the required resources to install a Capsule Server.
Prepare a system for Capsule Server installation.
Install and configure a Capsule Server.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that the satellite host is reachable on the network and prepares it for this exercise.

[student@workstation ~]$ lab start capsule-install

Instructions

A Capsule Server must first be registered to an organization that can provide the required RHEL version repositories. Red Hat Satellite 6.11 can deploy RHEL 9 content hosts, but Satellite infrastructure servers are supported only on RHEL 8 host systems. Prepare the RHEL 8 capsule system for installation as a Capsule Server.

Log in to the Satellite Server web UI, https://satellite.lab.example.com, as admin with redhat as the password.
In the upper-left corner of the web page, set the organization to Operations. Set the location to Any Location.
Enable and synchronize the required RHEL 8 repositories for installing a Capsule Server. Create the Capsule activation key for registering a RHEL 8 system to the Operations organization.
Note
The Capsule Server's host can be registered to any organization that can provide the supported RHEL repositories. The host's registration is unrelated to the organizations to which the installed Capsule Server can provide services.
1. Click Content → Red Hat Repositories. Verify that the Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) and the Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) repositories are already in the Enabled Repositories list.
  In the Available Repositories list, enable each of the following repositories. For each repository set, click the greater-than symbol (>) to expand the version information, and then click the plus sign (+) to the right of x86_64 to enable that repository version. Verify that each repository is listed in the Enabled Repositories list, and that the repository is for RHEL 8.
  - Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs)
  - Red Hat Satellite Capsule 6.11 for RHEL 8 x86_64 (RPMs)
  - Red Hat Satellite Maintenance 6.11 for RHEL 8 x86_64 (RPMs)
2. Synchronize the newly enabled repositories. Click Content → Products. Select all of the products by clicking the checkbox at the top of the checkbox column. Select Sync Selected from the Select Action list. Wait for the process to complete.
3. Create an activation key for registering a RHEL 8 system to the Operations organization. Click Content → Activation Keys, and then click Create Activation Key. Enter Capsule in the Name field. Select the Unlimited Hosts checkbox. Select the Library environment. Select the Default Organization View content view, and then click Save. On the Details tab in the Activation Key Content section, select 8 from the Release Version list, and then click Save.
4. Configure the required repositories in the activation key. On the Capsule page, click the Repository Sets tab. Verify that the following RHEL 8 repositories are already enabled.
  - Red Hat Enterprise Linux 8 x86_64 - AppStream (RPMs)
  - Red Hat Enterprise Linux 8 x86_64 - BaseOS (RPMs)
  Enable the following additional RHEL 8 repositories. Select the checkboxes for all three repositories, and then select Override to Enabled from the Select Action list.
  - Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs)
  - Red Hat Satellite Capsule 6.11 for RHEL 8 x86_64 (RPMs)
  - Red Hat Satellite Maintenance 6.11 for RHEL 8 x86_64 (RPMs)
  Disable the rest of the repositories in the list. Select the checkboxes for the repositories, and then select Override to Disabled from the Select Action list.

[student@workstation ~]$ ssh student@capsule
[student@capsule ~]$ sudo -i
[sudo] password for student: student
[root@capsule ~]#

Install the katello-ca-consumer-latest package from Satellite Server (satellite.lab.example.com).

[root@capsule ~]# dnf localinstall \
http://satellite.lab.example.com/pub/katello-ca-consumer-latest.noarch.rpm
...output omitted...
Is this ok [y/d/N]: y
...output omitted...
Complete!

[root@capsule ~]# subscription-manager register \
--activationkey Capsule \
--org Operations
The system has been registered with ID: 542479c1-4ebc-44ff-b58f-9ea6f0a41f8e
The registered system name is: capsule.lab.example.com

Configure firewall rules on the capsule and satellite systems for the required service ports.

Add the required ports to the capsule system's firewall rules, and make the settings permanent.

[root@capsule ~]# firewall-cmd \
--add-port="53/udp" --add-port="53/tcp" \
--add-port="67/udp" --add-port="69/udp" \
--add-port="80/tcp" --add-port="443/tcp" \
--add-port="5647/tcp" --add-port="8000/tcp" \
--add-port="8140/tcp" --add-port="8443/tcp" \
--add-port="9090/tcp"
success
[root@capsule ~]# firewall-cmd --runtime-to-permanent
success

Verify that the ports on the capsule system are configured.

[root@capsule ~]# firewall-cmd --list-ports
53/udp 53/tcp 67/udp 69/udp 80/tcp 443/tcp 5647/tcp 8000/tcp 8140/tcp 8443/tcp 9090/tcp

In a separate terminal, log in to the satellite system as the student user and switch to the root user.

[student@workstation ~]$ ssh student@satellite
[student@satellite ~]$ sudo -i
[sudo] password for student: student
[root@satellite ~]#

Add the required ports to the satellite system's firewall rules, and make the settings permanent.

[root@satellite ~]# firewall-cmd --add-port="5646/tcp"
success
[root@satellite ~]# firewall-cmd --runtime-to-permanent
success

Verify that the ports on the satellite system are configured. Keep open the satellite system terminal.

[root@satellite ~]# firewall-cmd --list-ports
80/tcp 443/tcp 5647/tcp 8000/tcp 8140/tcp 9090/tcp 53/udp 53/tcp 67/udp
69/udp 5646/tcp

On the capsule system, update the system to the latest RHEL packages, and then install the satellite-capsule package.
1. Enable the satellite-capsule:el8 module on the capsule system.
  Important
  The command displays the warning "Modular dependency problems with Defaults". The satellite-capsule:el8 module enables the postgresql:12 and ruby:2.7 modules, which conflict with the default RHEL 8 module versions. You can safely bypass this warning.
```
[root@capsule ~]# dnf module enable satellite-capsule:el8
...output omitted...
Is this ok [y/N]: y
Complete!
```
2. Update all of the packages on the capsule system. Wait until the process completes.
```
[root@capsule ~]# dnf update
...output omitted...
Is this ok [y/d/N]: y
...output omitted...
Complete!
```
3. Reboot the capsule system. When ready, log in again to the capsule system as the student user and switch to the root user.
```
[root@capsule ~]# reboot
Connection to capsule closed by remote host.
Connection to capsule closed.
[student@workstation ~]$ ssh student@capsule
[student@capsule ~]$ sudo -i
[sudo] password for student: student
[root@capsule]#
```
4. Install the satellite-capsule package. Wait for the process to complete.
```
[root@capsule ~]# dnf install satellite-capsule
...output omitted...
Is this ok [y/d/N]: y
...output omitted...
Complete!
```

On the satellite system, generate a capsule SSL reboot certificate, and then copy it to the capsule system.

Create the /root/capsule_cert directory to store the generated SSL certificate.
```
[root@satellite ~]# mkdir /root/capsule_cert
```

Generate the /root/capsule_cert/capsule_certs.tar SSL certificate archive. Copy the satellite-installer command with all the options. In a later step, you paste the command on the capsule system.

Important

The capsule-certs-generate command generates both the SSL certificates and the command for you to install those certificates on the Capsule Server. Sufficiently widen your terminal window to easily copy the generated command with the continuation backslash (\) character.

[root@satellite ~]# capsule-certs-generate \
--foreman-proxy-fqdn capsule.lab.example.com \
--certs-tar /root/capsule_cert/capsule_certs.tar
Preparing installation Done
  Success!
...output omitted...

satellite-installer \
  --scenario capsule \
  --certs-tar-file                          "/root/capsule_certs.tar"\
  --foreman-proxy-register-in-foreman       "true"\
  --foreman-proxy-foreman-base-url          "https://satellite.lab.example.com"\
  --foreman-proxy-trusted-hosts             "satellite.lab.example.com"\
  --foreman-proxy-trusted-hosts             "capsule.lab.example.com"\
  --foreman-proxy-oauth-consumer-key        "SBQGBLPHyZPMS3npzrvqtYAHykL24t3x"\
  --foreman-proxy-oauth-consumer-secret     "MYqQYgcEqrYdQ3wYpRrttDcvPn8SWijs"

Copy the newly generated SSL certificate to the capsule server.

[root@satellite ~]# scp /root/capsule_cert/capsule_certs.tar \
root@capsule.lab.example.com:/root/capsule_certs.tar
...output omitted...
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
...output omitted...
root@capsule.lab.example.com's password: redhat
capsule_certs.tar                  100%   85KB  40.8MB/s   00:00

On the capsule server, deploy the capsule SSL certificate. Enter or copy and paste the satellite-installer command that the capsule-certs-generate command displayed. Wait for the process to complete, which is estimated to be five minutes.

[root@capsule ~]# satellite-installer \
--scenario capsule \
--certs-tar-file                       "/root/capsule_certs.tar"\
--foreman-proxy-register-in-foreman    "true"\
--foreman-proxy-foreman-base-url       "https://satellite.lab.example.com"\
--foreman-proxy-trusted-hosts          "satellite.lab.example.com"\
--foreman-proxy-trusted-hosts          "capsule.lab.example.com"\
--foreman-proxy-oauth-consumer-key     "SBQGBLPHyZPMS3npzrvqtYAHykL24t3x"\
--foreman-proxy-oauth-consumer-secret  "MYqQYgcEqrYdQ3wYpRrttDcvPn8SWijs"
...output omitted...
  Success!
  * Capsule is running at https://capsule.lab.example.com:9090

  The full log is at /var/log/foreman-installer/capsule.log

In the Satellite Server web UI, assign the Capsule Server to manage the Boston location in the Operations organization.
1. In the upper-left corner of the web page, set the organization to Any Organization. Set the location to Any Location.
  Note
  The capsule.lab.example.com entry is visible only in the Any Organization context, until the Capsule Server is assigned to manage one or more organizations and locations.
2. Click Infrastructure → Capsules. In the capsule.lab.example.com row, click Edit.
3. Click the Locations tab. Click the Boston entry in the All items list to move the location to the Selected items list.
4. Click the Organizations tab. Verify that the Operations organization is in the Selected items list. Click Submit.

Return to the workstation system as the student user.

[root@capsule ~]# exit
logout
[student@capsule ~]$ exit
logout
Connection to capsule closed.
[student@workstation ~]$

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish capsule-install

Discuss Red Hat Satellite 6 Administration

Go to community

Welcome to the Red Hat Satellite 6 Administration (RH403) group in the Red Hat Learning Community!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Satellite 6 Administration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH403.Read more about Red Hat Satellite 6 Administration here.

Revision: rh403-6.11-3ad886e

Red Hat Satellite 6 Administration

Guided Exercise: Install a Satellite Capsule Server

Note

Important

Important

Note