RH403 - ch11s02

Preface A: Introduction

Section A.1: Red Hat Satellite 6 Administration

Section A.2: Orientation to the Classroom Environment

Section A.3: Performing Lab Exercises

Chapter 1: Plan and Deploy Red Hat Satellite

Section 1.1: Describe Red Hat Satellite

Section 1.2: Quiz: Describe Red Hat Satellite

Section 1.3: Plan a Red Hat Satellite Deployment

Section 1.4: Guided Exercise: Plan a Red Hat Satellite Deployment

Section 1.5: Install Red Hat Satellite

Section 1.6: Guided Exercise: Validate a Red Hat Satellite Installation

Section 1.7: Administer Red Hat Satellite with Hammer

Section 1.8: Guided Exercise: Administer Red Hat Satellite with Hammer

Section 1.9: Configure Organizations and Content Manifests

Section 1.10: Guided Exercise: Configure Organizations and Content Manifests

Section 1.11: Lab: Plan and Deploy Red Hat Satellite

Section 1.12: Summary

Chapter 2: Manage Software Lifecycles

Section 2.1: Synchronize Red Hat Content

Section 2.2: Guided Exercise: Synchronize Red Hat Content

Section 2.3: Create Software Lifecycles

Section 2.4: Guided Exercise: Create Software Lifecycles

Section 2.5: Publish and Promote Content Views

Section 2.6: Guided Exercise: Publish and Promote Content Views

Section 2.7: Lab: Manage Software Lifecycles

Section 2.8: Summary

Chapter 3: Register Hosts

Section 3.1: Register and Configure Content Hosts

Section 3.2: Guided Exercise: Register and Configure Content Hosts

Section 3.3: Manage Hosts with Host Collections

Section 3.4: Guided Exercise: Manage Hosts with Host Collections

Section 3.5: Automate with Activation Keys

Section 3.6: Guided Exercise: Automate with Activation Keys

Section 3.7: Lab: Register Hosts

Section 3.8: Summary

Chapter 4: Deploy Software to Hosts

Section 4.1: Control Software with Content Views

Section 4.2: Guided Exercise: Control Software with Content Views

Section 4.3: Create Content View Filters

Section 4.4: Guided Exercise: Create Content View Filters

Section 4.5: Manage and Apply Errata to Hosts

Section 4.6: Guided Exercise: Manage and Apply Errata to Hosts

Section 4.7: Lab: Deploy Software to Hosts

Section 4.8: Summary

Chapter 5: Deploy Custom Software

Section 5.1: Create Custom Products and Repositories

Section 5.2: Guided Exercise: Create Custom Products and Repositories

Section 5.3: Create Products with Repository Discovery

Section 5.4: Guided Exercise: Create Products with Repository Discovery

Section 5.5: Administer Custom Products and Repositories

Section 5.6: Guided Exercise: Administer Custom Products and Repositories

Section 5.7: Lab: Deploy Custom Software

Section 5.8: Summary

Chapter 6: Deploy Satellite Capsule Servers

Section 6.1: Install a Satellite Capsule Server

Section 6.2: Guided Exercise: Install a Satellite Capsule Server

Section 6.3: Configure Satellite Capsule Server Services

Section 6.4: Guided Exercise: Configure Satellite Capsule Server Services

Section 6.5: Publish Content Views to a Satellite Capsule Server

Section 6.6: Guided Exercise: Publish Content Views to a Satellite Capsule Server

Section 6.7: Quiz: Deploy Satellite Capsule Servers

Section 6.8: Summary

Chapter 7: Run Remote Execution

Section 7.1: Run Remote Jobs on Managed Hosts

Section 7.2: Guided Exercise: Run Remote Jobs on Managed Hosts

Section 7.3: Configure Ansible Remote Execution

Section 7.4: Guided Exercise: Configure Ansible Remote Execution

Section 7.5: Run Remote Puppet Jobs on Managed Hosts

Section 7.6: Guided Exercise: Run Remote Puppet Jobs on Managed Hosts

Section 7.7: Lab: Run Remote Execution

Section 7.8: Summary

Chapter 8: Prepare Network Resources for Host Provisioning

Section 8.1: Configure a Satellite Server for Host Provisioning

Section 8.2: Guided Exercise: Configure a Satellite Server for Host Provisioning

Section 8.3: Prepare Network Configuration for Provisioning

Section 8.4: Guided Exercise: Prepare Network Configuration for Provisioning

Section 8.5: Lab: Prepare Network Resources for Host Provisioning

Section 8.6: Summary

Chapter 9: Provision Content Hosts

Section 9.1: Configure and Provision a Content Host

Section 9.2: Guided Exercise: Configure and Provision a Content Host

Section 9.3: Build an Image for Provisioning

Section 9.4: Guided Exercise: Build an Image for Provisioning

Section 9.5: Lab: Provision Content Hosts

Section 9.6: Summary

Chapter 10: Automate Red Hat Satellite Management

Section 10.1: Query the Red Hat Satellite API

Section 10.2: Guided Exercise: Query the Red Hat Satellite API

Section 10.3: Manage Red Hat Satellite with Ansible

Section 10.4: Guided Exercise: Manage Red Hat Satellite with Ansible

Section 10.5: Lab: Automate Red Hat Satellite Management

Section 10.6: Summary

Chapter 11: Maintain a Red Hat Satellite Server

Section 11.1: Delegate Tasks with User Roles

SectionSection 11.2: Guided Exercise: Delegate Tasks with User Roles

Section 11.3: Configure Backup and Restore Operations

Section 11.4: Guided Exercise: Configure Backup and Restore Operations

Section 11.5: Manage Red Hat Satellite Databases

Section 11.6: Guided Exercise: Manage Red Hat Satellite Databases

Section 11.7: Export and Import Content Views

Section 11.8: Guided Exercise: Export and Import Content Views

Section 11.9: Lab: Maintain a Red Hat Satellite Server

Section 11.10: Summary

Chapter 12: Integrate Red Hat Satellite with Hybrid Cloud Platforms

Section 12.1: Run a Red Hat Satellite Server on a Cloud Platform

Section 12.2: Quiz: Run a Red Hat Satellite Server on a Cloud Platform

Section 12.3: Manage Content Hosts on Amazon Web Services

Section 12.4: Manage Content Hosts on Google Compute Platform

Section 12.5: Manage Content Hosts on Microsoft Azure

Section 12.6: Summary

Chapter 13: Comprehensive Review

Section 13.1: Comprehensive Review

Section 13.2: Lab: Configure a Satellite Server

Section 13.3: Lab: Install and Configure a Satellite Capsule Server

Section 13.4: Lab: Provision a Host

Section 13.5: Lab: Remote Execution

Section 13.6: Lab: Sign RPM Packages

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13

Guided Exercise: Delegate Tasks with User Roles

Create a user with a granular administrative role.

Outcomes

Create a Satellite role.
Create a Satellite user.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start maintain-user

Instructions

The Operations organization wants to delegate user administration to specific Satellite users without permitting other Satellite Administrator privileges. A designated Satellite user can create users and view existing users, but is not permitted to delete users, within the Operations organization.

Create an ops-user-admin role. Create a user-admin user with redhat as the password in the Operations organization. Then, assign the ops-user-admins role. Use the user-admin user to test creating an example intern034 user with default permissions. Verify that the user-admin user cannot delete users.

Log in to the Satellite Server web UI, https://satellite.lab.example.com, as the admin user with redhat as the password.
In the upper-left corner of the web page, set the organization to Operations. Set the location to Any Location.
Create the ops-user-admin role by cloning the System admin role, and then by editing the cloned role.
1. Click Administer → Roles. Only the first 20 predefined roles are displayed. The roles with a lock icon cannot be changed, and must be cloned to create a role with similar privileges.
2. In the list of roles, locate the predefined System admin role that manages users, roles, organizations, locations, and other resources. In the System admin row, click the down-arrow icon to the right of the Filters button, and then select Clone from the list.
3. In the Create Role page, enter ops-user-admin in the Name field. In the selection tool, click the Operations organization to move it to the Selected items list. Leave the other fields unchanged, and then click Submit.
Restrict the ops-user-admin role to create and edit but not delete users.
1. In the Roles table, locate the ops-user-admin role and click Filters. The role resource page is displayed.
2. Keep the Filter, Location, Role, (Miscellaneous), Organization, and User resources. Remove the other resources from the role's filter table. For each resource, select Delete from the Edit list in the Actions column, and then click Confirm.
3. Modify the Location resource by clicking Edit on the resource row. Keep the assign_locations and view_locations permissions in the Selected items list. Remove the other permissions by clicking each permission to move it to the All items list. Click Submit.
4. Modify the Role resource by clicking Edit on the resource row. Keep the view_roles permissions in the Selected items list. Remove the other permissions by clicking each permission to move it to the All items list. Click Submit.
5. Modify the Organization resource by clicking Edit on the resource row. Keep the assign_organizations and view_organizations permissions in the Selected items list. Remove the other permissions by clicking each permission to move it to the All items list. Click Submit.
6. Modify the User resource by clicking Edit on the resource row. Keep the create_users, edit_users, and view_users permissions in the Selected items list. Remove the other permissions by clicking each permission to move it to the All items list. Click Submit.
Create a user-admin user with redhat as the password. Restrict the account to access only the Operations organization. Assign the ops-user-admin role to the user-admin user.
1. Click Administer → Users, and then click Create User. On the User tab, enter the information for the following fields. Leave the other fields unchanged.
  Field Value
  Username user-admin
  Email Address root@satellite.lab.example.com
  Authorized by INTERNAL
  Password redhat
  Verify redhat
2. Click the Organizations tab. Edit the organizations so that the Operations organization is in the Selected items list, and all other organizations are in the All items list. Select Operations in the Default on login list.
3. Click the Locations tab. Click Boston to move it to the Selected items list. Select Boston in the Default on login field. Click Submit.
4. Click the Roles tab. Click ops-user-admin to move it to the Selected items list. Click Submit.
Log in as the user-admin user and test the ops-user-admin role by creating the intern034 user.
1. In the Satellite web UI, log out of the admin user. Log in as the user-admin user with redhat as the password.
  A "Permission denied" screen is displayed, because the user-admin user does not have permission for the default Hosts → All Hosts page. Only the Monitor, Configure, and Administer menus are available to this user.
2. In the upper-left corner of the web page, set the organization to Operations. Set the location to Boston.
3. Click Administer → Users. Only the user-admin user appears in the list, because this user can view only the users in the Operations organization.
4. Click Create User. On the User tab, enter the information for the following fields. Leave the other fields unchanged.
  Field Value
  Username intern034
  Email Address root@satellite.lab.example.com
  Authorized by INTERNAL
  Password temp123
  Verify temp123
5. Click the Roles tab. Click Remote Execution User to move it to the Selected items list. Click Submit.
Test the intern034 user.
1. In the Satellite web UI, log out of the user-admin user. Log in as the intern034 user with temp123 as the password.
2. The intern034 user has access to a limited menu. The menu includes only the Monitor, Content, Hosts, Infrastructure, and Administer tabs.
3. Log out of the intern034 account.

Field	Value
Username	`user-admin`
Email Address	`root@satellite.lab.example.com`
Authorized by	`INTERNAL`
Password	`redhat`
Verify	`redhat`

Field	Value
Username	`intern034`
Email Address	`root@satellite.lab.example.com`
Authorized by	`INTERNAL`
Password	`temp123`
Verify	`temp123`

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish maintain-user

Discuss Red Hat Satellite 6 Administration

Go to community

Welcome to the Red Hat Satellite 6 Administration (RH403) group in the Red Hat Learning Community!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Satellite 6 Administration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH403.Read more about Red Hat Satellite 6 Administration here.

Revision: rh403-6.11-3ad886e