Create a content view that supports Puppet configuration and create an activation key that enables Puppet configuration.
Red Hat Satellite 6.11 supports Puppet to run commands on managed hosts. You can also upload Puppet modules to your Satellite Servers or Capsule Servers to customize Satellite products. To use Puppet, you must first deploy and configure the Puppet agent software on host systems to work with Satellite Server, which acts as the Puppet master. To enable Puppet integration and install the Puppet server on Satellite Server, use the following command:
[root@satellite ~]# satellite-installer --enable-foreman-plugin-puppet \
--enable-foreman-cli-puppet \
--foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key
...output omitted...
To enable Puppet integration and install the Puppet server on Capsule Servers, use the following command:
[root@capsule ~]# satellite-installer --foreman-proxy-puppet true \
--foreman-proxy-puppetca true \
--foreman-proxy-content-puppet true \
--enable-puppet \
--puppet-server true \
--puppet-server-foreman-ssl-ca /etc/pki/katello/puppet/puppet_client_ca.crt \
--puppet-server-foreman-ssl-cert /etc/pki/katello/puppet/puppet_client.crt \
--puppet-server-foreman-ssl-key /etc/pki/katello/puppet/puppet_client.key
...output omitted...
To configure the Puppet agent on your host system, first define a content view that provides the necessary packages and Puppet modules, and register the host with Red Hat Satellite. Then, install the Puppet agent software and sign the agent host certificate. Finally, launch the Puppet agent.
Satellite content views determine which software packages are available to install on hosts. Because Puppet might install software packages, the content view that is associated with a system must provide the necessary packages, including dependencies, that Puppet uses to configure services on a system. A content view does not determine how a system is configured; instead, it provides access to the packages that Puppet needs to configure a system.
To use Puppet modules in Satellite, you must create a product and associate that product with a Puppet repository to which you upload the needed Puppet modules.
A previous section in this course describes how to create a product, and how to define a content view that provides access to software packages.
This section explains how to define content views to support Puppet configuration.
Such content views must provide access to the puppet package and its dependencies.
At a minimum, the Red Hat Satellite Tools 6.10 and the Red Hat Enterprise Linux DNF repositories provide these packages.
Also consider the additional software that Puppet classes need.
Puppet classes can include manifests that install additional software.
For example, a Puppet class that configures a web server might install the httpd package and its dependencies.
Be careful when creating content filters: Puppet classes must have access to the required packages to configure managed hosts.
Content views determine which Puppet modules hosts can access. When you define modules in a content view, these modules are available but not active. When you edit a selected content view from the → page, click the tab. Click to publish previously loaded modules in Satellite Server to hosts. After you create a content view, publish it and promote it to the software environment where the managed host is registered.
After you create, publish, and promote a content view, Red Hat Satellite creates a Puppet environment for that content view in each of the lifecycle environments in the organization. Puppet environment names have the following structure, where ORG is the organization name, ENV is the lifecycle environment, VIEW is the content view name, and # is an internal sequence number:
KT__ORG_ENV_VIEW#
Some menu items are not active when assigning a host group to a host if you do not assign a Puppet environment.
After you create the content view for the Puppet host, register the host to associate it with that content view. You can use an activation key to automate this process. When you create an activation key, associate the hosts to the environment and content view that provide the required Puppet modules.
To register a managed host to Satellite with an activation key by using the Satellite web UI, choose the appropriate organization, and navigate to → . Then, click an existing activation key or create one by clicking . Selecting an existing activation key displays a page to choose the required software environment and content view.
Install the CA certificate RPM that signs the Satellite Server host certificate. Then, use the activation key to register the system to an organization.
[root@host ~]# dnf localinstall \
http://SATELLITE.FQDN/pub/katello-ca-consumer-latest.noarch.rpm
[root@host ~]# subscription-manager register --org=ORG --activationkey='KEY'
Install the Puppet agent software after you register the host so that it can access the appropriate repositories. You can also install the packages in advance when building VM base images.
Use the dnf command to install the puppet package from the CLI.
The katello-agent package is usually installed when you register the managed host.
[root@host ~]# dnf install puppet katello-agent
Then, modify the primary agent configuration file by adding the following line with your server FQDN to the /etc/puppetlabs/puppet/puppet.conf file.
This modification ensures that the Puppet agent uses the correct server as a Puppet master.
server=satellite.FQDN
To complete the host registration transaction, you must connect with the Puppet master and sign the Puppet agent host certificate.
To sign the agent host certificate from the CLI, first use the puppet command for the Puppet agent to contact the Puppet master.
[root@host ~]# puppet agent --test --noop
The Puppet agent sends a host certificate to the Puppet master to enable secure communications.
The --noop option prevents the agent from trying to apply changes that the Puppet master suggests.
You can also use the puppet --waitforcert=DELAY option.
With this option, the Puppet agent connects to the master every DELAY seconds and asks it to sign its host certificate request.
The default delay value is 120 seconds.
Then, log in to the Satellite web UI and sign the host certificate that the agent presents. Set the organization context to , and navigate to → . In the column for the Capsule Server hostname, click the down arrow next to the button and then click to display a list of host certificates. Click at the right of the hostname so that it can connect to Satellite Server.
You can configure Satellite to auto-sign Puppet host certificates. When the list of host certificates for a Capsule Server is displayed, click above the list. You can use this option to create hostname entries (which can include wildcards) with automatically signed host certificates when they first connect to Satellite Server.
Configuring Satellite to auto-sign Puppet host certificates creates a security risk. In this case, any host can connect and request Puppet manifests (which might contain privileged information, such as passwords, shared keys, and certificates).
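An added example (not part of the course material or of Satellite itself) that audits an auto-sign entry list for patterns that match more hosts than intended. It assumes one certname or domain glob per line with # comments, as in Puppet's autosign.conf; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag auto-sign entries that match more hosts than intended.
# Assumption: one certname or domain glob per line; '#' starts a comment.

# classify_entry ENTRY -> prints CRITICAL, BROAD, WILDCARD or EXACT
classify_entry() {
    case $1 in
        '*') echo CRITICAL ;;            # every requesting host gets signed
        '*.'*)
            # Leading wildcard: judge it by the DNS labels that follow.
            case ${1#'*.'} in
                *.*) echo WILDCARD ;;    # e.g. *.lab.example.com
                *)   echo BROAD ;;       # e.g. *.com spans a whole TLD
            esac ;;
        *'*'*) echo BROAD ;;             # wildcard in an unexpected position
        *) echo EXACT ;;                 # a single named host
    esac
}

# audit_autosign FILE -> prints "LEVEL entry" per entry;
# returns 1 if any entry is CRITICAL or BROAD, else 0.
audit_autosign() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop whitespace
        [ -n "$line" ] || continue
        level=$(classify_entry "$line")
        printf '%-8s %s\n' "$level" "$line"
        case $level in CRITICAL|BROAD) rc=1 ;; esac
    done <"$1"
    return "$rc"
}

# Constructed sample list (not taken from a real system).
sample=$(mktemp)
cat >"$sample" <<'EOF'
# hosts allowed to auto-sign
web01.lab.example.com
*.lab.example.com
*.com
*
EOF
audit_autosign "$sample" || echo "Review the CRITICAL and BROAD entries."
rm -f "$sample"
```

Point audit_autosign at the list your Puppet CA actually reads (commonly /etc/puppetlabs/puppet/autosign.conf, which is an assumption about your layout) and treat a nonzero return as a reason to review the entries before hosts connect.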
Use the systemctl command to start daemons and services immediately and persistently.
The following command starts and enables the Puppet agent as a daemon on a Red Hat Enterprise Linux 8 system:
[root@host ~]# systemctl enable --now puppet.service
ln -s '/usr/lib/systemd/system/puppet.service' '/etc/systemd/multi-user.target.wants/puppet.service'
For more information, see the Managing Configurations Using Puppet Integration in Red Hat Satellite guide at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/managing_configurations_using_puppet_integration_in_red_hat_satellite/index