RH403 - ch13s03

Bookmark this page

Lab: Install and Configure a Satellite Capsule Server

Install and configure an external Capsule Server.

Outcomes

Configure Satellite Server with the required resources for enabling an external Capsule Server.
Prepare a host system for installing a Capsule Server.
Install and configure the Capsule Server.

Important

The comprehensive review labs are related exercises, and you can start with any lab in the sequence. If you reset your lab environment before your first comprehensive review lab, then you do not need to reset again. If you did not reset your lab environment after performing exercises from previous chapters, then you must reset your lab environment before starting any comprehensive review lab.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This start command will take time to complete as it prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start compreview-capsule

Specifications

Prepare the required repositories for installing a Capsule Server on a RHEL 8 system:
- Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
- Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
- Red Hat Satellite Capsule 6.11 for RHEL 8 x86_64 RPMs
- Red Hat Satellite Maintenance 6.11 for RHEL 8 x86_64 RPMs
- Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs
Create the Capsule activation key in the Operations organization, with the following attributes:
- Registers a maximum of three hosts.
- Registers a content host to the Library lifecycle environment and to the Default Organization View content view.
- Uses Simple Content Access for all of the Operations organization's RHEL 8 repositories.
Register the capsule system to the Operations organization by using the Capsule activation key.
Configure firewall rules for communication between the satellite and capsule systems to support an external Capsule Server.
Generate a Satellite certificate for the Capsule Server, and use it to install and configure the Capsule Server on the capsule system.
Configure the Capsule Server to manage the Finance organization and the San Francisco location.

Log in to the Satellite Server web UI, https://satellite.lab.example.com, as the admin user with redhat as the password.
In the upper-left corner of the web page, set the organization to Operations. Set the location to Any Location.
Enable and synchronize the following required repositories:
- Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
- Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
- Red Hat Satellite Capsule 6.11 for RHEL 8 x86_64 RPMs
- Red Hat Satellite Maintenance 6.11 for RHEL 8 x86_64 RPMs
- Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs
1. Click Content → Red Hat Repositories. Enable the Recommended Repositories switch to limit the list to only the recommended repositories.
2. In the Available Repositories list, locate and expand each repository from the specified list, and then click the plus sign (+) to enable the x86_64 repository version. Some repositories are already present in the Available Repositories list. Verify that each repository is in the Enabled Repositories list, and that the repository is for RHEL 8.
3. Click Content → Products. Select the checkboxes for all the products, and then click Select Action → Sync Selected. Wait for the process to complete.
Create the Capsule activation key.
1. Click Content → Activation Keys, and then click Create Activation Key. Enter Capsule in the Name field. Clear the Unlimited Hosts checkbox, and then set the limit to 3.
2. Select the Library environment. Select the Default Organization View content view. Click Save.

[student@workstation ~]$ ssh student@capsule
[student@capsule ~]$ sudo -i
[sudo] password for student: student
[root@capsule ~]#

Install the client certificate package, katello-ca-consumer-latest.noarch.rpm, on the capsule system.

[root@capsule ~]# dnf localinstall \
http://satellite.lab.example.com/pub/katello-ca-consumer-latest.noarch.rpm

[root@capsule ~]# subscription-manager register --org=Operations \
--activationkey=Capsule
The system has been registered with ID: 5ad62619-2e5e-4561-83e7-d15ab8c5233c
The registered system name is: capsule.lab.example.com

Enable only the required software and repositories for the Capsule Server installation.

Disable all the repositories.

[root@capsule ~]# subscription-manager repos --disable "*"

List all the available repositories.

[root@capsule ~]# subscription-manager repos --list
----------------------------------------------------------
    Available Repositories in /etc/yum.repos.d/redhat.repo
----------------------------------------------------------
Repo ID:   rhel-8-for-x86_64-appstream-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Repo URL:  https://satellite.lab.example.com/pulp/content/Finance/Library/content/dist/rhel8/$releasever/x86_64/appstream/os
Enabled:   0

Repo ID:   satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Satellite Maintenance 6.11 for RHEL 8 x86_64 (RPMs)
Repo URL:  https://satellite.lab.example.com/pulp/content/Finance/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/os
Enabled:   0

Repo ID:   satellite-capsule-6.11-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Satellite Capsule 6.11 for RHEL 8 x86_64 (RPMs)
Repo URL:  https://satellite.lab.example.com/pulp/content/Finance/Library/content/dist/layered/rhel8/x86_64/sat-capsule/6.11/os
Enabled:   0

Repo ID:   rhel-8-for-x86_64-baseos-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
Repo URL:  https://satellite.lab.example.com/pulp/content/Finance/Library/content/dist/rhel8/$releasever/x86_64/baseos/os
Enabled:   0

Repo ID:   satellite-client-6-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs)
Repo URL:  https://satellite.lab.example.com/pulp/content/Finance/Library/content/dist/layered/rhel8/x86_64/sat-client/6/os
Enabled:   0

Enable the required repositories for the Capsule Server installation.

[root@capsule ~]# subscription-manager repos \
--enable=rhel-8-for-x86_64-appstream-rpms \
--enable=satellite-maintenance-6.11-for-rhel-8-x86_64-rpms \
--enable=satellite-capsule-6.11-for-rhel-8-x86_64-rpms \
--enable=rhel-8-for-x86_64-baseos-rpms \
--enable=satellite-client-6-for-rhel-8-x86_64-rpms
Repository 'rhel-8-for-x86_64-appstream-rpms' is enabled for this system.
Repository 'satellite-maintenance-6.11-for-rhel-8-x86_64-rpms' is enabled for this system.
Repository 'satellite-capsule-6.11-for-rhel-8-x86_64-rpms' is enabled for this system.
Repository 'rhel-8-for-x86_64-baseos-rpms' is enabled for this system.
Repository 'satellite-client-6-for-rhel-8-x86_64-rpms' is enabled for this system.

Enable the satellite-capsule:el8 module.
```
[root@capsule ~]# dnf module enable satellite-capsule
...output omitted...
Is this ok [y/N]: y
Complete!
```
Important
The satellite-capsule:el8 module enables the postgresql:12 and ruby:2.7 modules, which conflict with the default RHEL 8 modules. The warning can be safely ignored.

Update the capsule operating system, and then install the satellite-capsule package.

Update the system. Reboot the capsule system when the update is complete. Log in again when the reboot is complete.

[root@capsule ~]# dnf update
...output omitted...
[root@capsule ~]# reboot
...output omitted...
[student@workstation ~]$ ssh student@capsule
[student@capsule ~]$ sudo -i
[sudo] password for student: student
[root@capsule ~]#

Install the satellite-capsule package and its dependencies.

[root@capsule ~]# dnf install satellite-capsule
...output omitted...

Configure and verify the firewall rules on both the satellite and the capsule systems.

Configure the capsule system firewall.

[root@capsule ~]# firewall-cmd \
--add-port="53/udp" --add-port="53/tcp" \
--add-port="67/udp" --add-port="69/udp" \
--add-port="80/tcp" --add-port="443/tcp" \
--add-port="5647/tcp" --add-port="8000/tcp" \
--add-port="8140/tcp" --add-port="8443/tcp" \
--add-port="9090/tcp"
success
[root@capsule ~]# firewall-cmd --runtime-to-permanent
success

Verify that the ports on the capsule server are now open.

[root@capsule ~]# firewall-cmd --list-ports
53/tcp 80/tcp 443/tcp 5647/tcp 8000/tcp 8140/tcp 8443/tcp 9090/tcp 53/udp 67/udp 69/udp

In a separate terminal, log in to the satellite server as the student user and switch to the root user.

[student@workstation ~]$ ssh student@satellite
[student@satellite ~]$ sudo -i
[sudo] password for student: student
[root@satellite ~]#

Configure the satellite system firewall.

[root@satellite ~]# firewall-cmd --add-port="5646/tcp"
success
[root@satellite ~]# firewall-cmd --runtime-to-permanent
success

Verify that the correct ports on the satellite server are now open.

[root@satellite ~]# firewall-cmd --list-ports
53/tcp 80/tcp 443/tcp 5646/tcp 5647/tcp 8000/tcp 8140/tcp 9090/tcp 53/udp 67/udp 69/udp

On the satellite system, generate and store the Capsule Server certificate, and then copy it to the capsule system.

Create the /root/capsule_cert/ directory to store the certificate.
```
[root@satellite ~]# mkdir /root/capsule_cert
```

Generate a certificate for capsule.lab.example.com.

[root@satellite ~]# capsule-certs-generate \
--foreman-proxy-fqdn capsule.lab.example.com \
--certs-tar /root/capsule_cert/capsule_certs.tar
Preparing installation Done
  Success!

...output omitted...
  3. Run the following commands on the Capsule (possibly with the customized
     parameters, see satellite-installer --scenario capsule --help and
     documentation for more info on setting up additional services):

  satellite-installer \
     --scenario capsule \
     --certs-tar-file                       "/root/capsule_certs.tar"\
     --foreman-proxy-register-in-foreman    "true"\
     --foreman-proxy-foreman-base-url       "https://satellite.lab.example.com"\
     --foreman-proxy-trusted-hosts          "satellite.lab.example.com"\
     --foreman-proxy-trusted-hosts          "capsule.lab.example.com"\
     --foreman-proxy-oauth-consumer-key     "PmZ4VTgVguPEd8vDccZY84x7gZA9Tmxg"\
     --foreman-proxy-oauth-consumer-secret  "oJPm3EwDzHQqUywtgn7qfkaT6nqZdgkP"

Copy the newly generated SSL certificate to the capsule server.

[root@satellite ~]# scp /root/capsule_cert/capsule_certs.tar \
root@capsule.lab.example.com:/root/capsule_certs.tar
...output omitted...
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
...output omitted...
root@capsule.lab.example.com's password: redhat
capsule_certs.tar                 100%  124KB  86.9MB/s   00:00

Install the Capsule Server on the capsule system.

In the capsule system terminal, install the Capsule Server. Copy and paste the generated output from the previous capsule-certs-generate command.

[root@capsule ~]# satellite-installer \
--scenario capsule \
--certs-tar-file                           "/root/capsule_certs.tar" \
--foreman-proxy-register-in-foreman        "true" \
--foreman-proxy-foreman-base-url           "https://satellite.lab.example.com" \
--foreman-proxy-trusted-hosts              "satellite.lab.example.com" \
--foreman-proxy-trusted-hosts              "capsule.lab.example.com" \
--foreman-proxy-oauth-consumer-key         "PmZ4VTgVguPEd8vDccZY84x7gZA9Tmxg" \
--foreman-proxy-oauth-consumer-secret      "oJPm3EwDzHQqUywtgn7qfkaT6nqZdgkP"
2022-08-23 21:54:06 [NOTICE] [root] Loading installer configuration. This will take some time.
...output omitted...
  Success!
  * Capsule is running at https://capsule.lab.example.com:9090

  The full log is at /var/log/foreman-installer/capsule.log

Use the Satellite Server web UI to configure the new Capsule Server with the organization and location to manage.
1. In the upper-left corner of the web page, set the organization to Any Organization. Set the location to Any Location.
2. Click Infrastructure → Capsules, and then click the capsule.lab.example.com link. Confirm that the Communication status mark is green, which means that Satellite Server can communicate with the Capsule Server.
3. Click Edit, and then click the Locations tab. In the Available items list, click the San Francisco location to move it to the Selected items list.
4. Click the Organizations tab. Verify that the Finance organization is in the Selected items list. Click Submit.

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade compreview-capsule

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish compreview-capsule

Discuss Red Hat Satellite 6 Administration

Go to community

Welcome to the Red Hat Satellite 6 Administration (RH403) group in the Red Hat Learning Community!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Satellite 6 Administration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH403.Read more about Red Hat Satellite 6 Administration here.

Revision: rh403-6.11-3ad886e