Red Hat Satellite 6 Getting Started Video Series has begun

Latest response

Hi folks,

My name is Dan Macpherson and I'm a Senior Technical Writer at Red Hat. A while back I was in discussions with some people on the Satellite forums and asked how people were using their Satellite. Based on these discussions, I started developing an idea to make some videos that looked at Satellite 6's features. What I wanted to do was create a set of successive videos, each building upon the previous one, that shows how to get started with using Satellite 6.

I'm excited to report that the first four videos in this series are now live on the Customer Portal:

This is only just the beginning. I have plans to make further videos that look at more features such as system provisioning and Puppet configuration.

Also, I want to hear from you! If anyone has any suggestions for improvements or suggestions for future video topics, please let me know in this thread. I'm very keen to produce more videos about topics that require more info.

Thanks and I hope you enjoy the videos!

Responses

These look cool, Dan. Thanks for posting them!

Thanks, will give these a go and give feedback as we've been struggling at getting our Sat6 implementation going for a while now.

Any feedback would be awesome. Keep in mind also there are still more videos on the way. So more information on advanced topics are on the way. In the meantime, if there's anything you'd like more info on, please let me know and I'll see what I can do to help.

Great to hear an Aussie in a Red Hat video! (even if it is a QLDer)

Thanks for the post.

(even if it is a QLDer)

My reaction

Dan,

I am really keen to hear the explanation for this (from the Satellite 6.0 User Guide)

10.4. Registration
⁠10.4.1. Registering a Host
These steps show how to register hosts in Red Hat Satellite Server. Hosts provisioned by Satellite Server appear on the All Hosts page accessible through Hosts → All hosts. Hosts registered to the Satellite Server via Red Hat Subscription Manager, which can occur either during the post phase of a kickstart or through the terminal, will appear on the Content Hosts page accessible through Hosts → Content Hosts.

Why does 'All Hosts' not include 'Content Hosts'?

Good question. One of the things I think we (the docs team) might need to make clearer is the distinction between a host and a content host, because the terms alone are a little misleading. Essentially you have to treat them as two different sets of database records (though they can be linked together in some ways).

So a "host" is a record of a host including system status, power management, template and reports from Puppet runs. These records are most of the time created at the point of provisioning a system (though not always, and I'll get to that a bit later).

A "content host" on the other hand is essentially a registration record for a Red Hat Enterprise Linux host. So any system that gets registered using subscription-manager to the Satellite gets added to this section.

If you look in the default Sat 6 kickstart templates (Hosts > Provisioning Templates), there's a snippet for system registration back to the Satellite using subscription-manager. This means provisioning a new system running RHEL is a two-step process:

  1. Provision the system, which adds a record to "hosts"
  2. After the initial system installation, register the system to Satellite, which adds a record to "content hosts"

The tricky part to this is when registering an existing host to Satellite, it only adds a record to "content hosts" but not a record to "hosts" automatically. If it did, it would cause issues with the standard provisioning lifecycle (i.e. you would have two "hosts" records -- one upon provisioning the system and one after registration).

At this point, you might be thinking, "What do I do if I want my content hosts to appear is my 'all hosts' section?" The bad news is this has to be done manually. You do this by creating a new host record without provisioning a new system. It's a case of either:

a) in the GUI, creating a new host and disabling "Build mode" under "Operating System"
b) In the hammer CLI, using the --build=false when using "hammer host create"

You also need to manually specify the IP and MAC address information.

I'm not sure if there's a plan to simplify this for Satellite 6.1, but I can check and let you know. Otherwise this might be a good RFE for Satellite 6.

Dan,

Thanks for the thorough response, much appreciated.

Even with this response in mind, I have trouble following why this level of complexity is introduced to the UI/management. Essentially they are all just managed hosts with varying levels of management. Content hosts only access content (eg. Yum) and 'hosts' access configuration management information as well as content. This could be presented as a single list of hosts with 'features' or 'capabilities' associated with them.

It appears the major assumption made is that Satellite 6 will be the single life cycle management tool on site for Linux. Take for an example when a customer has a single provisioning life cycle management/deployment tool for both Windows/Linux.

I am currently running through a PoC of 6.1 and the result appears to be the same. In a situation where the requirement is to build a Red Hat host using an external life cycle management tool, but register it against Satellite for patching (Yum) and config management (Puppet), how should this be approached? Should I be using the API/hammer to create a host in 'all hosts' to associate with my 'content host' that is created in the kickstart post?

I will take a look at the hammer CLI as I should be able to fetch the MAC from the provisioning tool and the IP from IPAM before registration, thanks for the suggestion.

I agree completely that there should be some convergence between the two, even on a UI level. I'll speak with the engineering team and see if there's some way to enhance this aspect.

With regards to your solution, yep, that sounds like how I'd do it -- the hammer tool is most likely the best bet. If not, you could also interface directly with Satellite 6's REST API directly.

Dan,

To clarify,

The only way to manage configure a host with Puppet using Satellite 6.x is by creating a host profile for the host? ie. If I want to deploy Puppet configuration to an existing host I must use 'New Host' to make a profile for the host in Satellite 6.x to associate Puppet classes to this host?

-edit-

The user guide filled the gaps that were missing, this is how I registered an existing host:
1. Create 'New Host' record including details such as MAC etc. with disabled build mode
2. Register host with subscription manager
3. Subscribe to Satellite 6 tools channel using subscription manager (to access Katello and Puppet rpms)
4. Install and start katello-agent
5. Install, Configure and start Puppet
6. Create Puppet certificate signing request on Satellite server from host
7. Sign certificate in Satellite Web UI
8. Run Puppet remediation on node

So the process is clumsy, but works, it's just getting step 1. to happen in an automated manner... which is what I am looking at the API / Hammer for.

Yes, that's the right process. And yes, using either the API or Hammer (which is essentially a CLI interface to the API) is the way to automate that first step.

Also, I checked with our engineering team and they've definitely got convergence between hosts and content hosts on the to-do list for a future version.

The videos are really nice Danial; thanks.

What is the different between ticking "Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server" and ticking "Red Hat Enterprise Linux 7 Server RPMs x86_64 7.X" while syncing Red Hat content (under Content/Red Hat Repos & RPMs tab)?

Hi Alpaslan,

Good question. Choosing the "7.X" repositories means the content from a specific release (and its errata) gets synced. This is useful if you're looking for a specific release for stability purposes.

If you choose the 7Server version, this latest packages in the RHEL 7 release get synced. So you might use a 7.x version for production and use 7Server for development and testing.

Thanks for the useful videos Dan, I had to look up what a "QLD" or "QLDer" was (Thanks for the enlightenment with that Pixel)

Glad they were useful. I'm planning to release some more soon, looking at topics like upgrading, composite content views, and network configs.

Looking forward to these!

I think content views and composite content views needs some attention, either with videos or additional documentation. Having just defined a work process for patching with content views/composite views/life cycles, some of the items that appear straight forward / trivial in documentation lead to major complexity in management.

I'm glad that you mention this. I'm currently writing some new documentation that goes into detail about content management, including content views.

Was there anything specific about content views that you think I should explore in the new doc?

Dan,

I started putting together a scenario in this discussion but I think it was going a bit off topic for this video thread, so have created a new discussion here:

https://access.redhat.com/discussions/2114791

Very interested to work through/discuss the finer points in the above discussion thread. The result can perhaps make up a case study or example in future Satellite documentation that you're putting together.

Cool. I'll keep this in mind when I delve into errata management topics.

Thanks Daniel.

Although I choose 7.1 as the "Release Version" for a host, it's updated to 7.2. when I do a "yum update"; is this the expected behaviour? If we want a host to stay on a minor version, are we exptected to use "content views"?

Yep, so you need need to do the following:

1 - Create a new content view

2 - Add only the repository for the specific version

3 - Promote the content view from Library to an environment

4 - Create an activation key for that environment

5 - Provision a new host using the environment with the content view and activation key

What happens under the hood is that Satellite (or more specifically Pulp) creates its own repository based on the content view. Satellite provisions the host and the default kickstart template should register it to use the content view-based repository.

Hope that helps. Let me know if you need more details.

Thanks a lot Daniel. Here's another question for you.

When I provision a host I see that puppet service is enabled and started after the installation but relevant puppet actions are not taken due to certificate problem. I have to manually sign the host certificate (Infrastructure/Capsules/Certificates) although I used "Autosign Entires". At first I thought wildcards were not honored (like *.example.com) but it not work when I entered fqdn, too. Is there any method to automate the provisioning process without manual intervention?

Alpaslan,

I covered the issue of fully automated registration of hosts in this discussion, it may assist in answering your question: https://access.redhat.com/discussions/1528223

Yep, what PD.NET describes in that thread is the way to go. Wildcards should be honored. However, if it's not working for you and manual intervention is still required, I'd recommend filing a support case for this. As far as I've tested, the provisioning process should be automatic including Puppet config.

Hi Dan,

How to download these video's, for most of external employee's are not allowed to get a Red Hat login?

I would like the designer of our new Satellite environment to watch the video's.

Kind regards,

Jan Gerrit Kootstra

:) Me too :)

Sorry, guys. We can't make the videos available for download because they're premium content for Red Hat customers and not for distribution outside the Customer Portal.

Pixel, Dan, thanks a lot.

After updating autosign.conf which service should be restarted? I'd like to try wild cards some more. katello-service restart takes too long,

As far as I know, you shouldn't need to restart any services. However, if you're looking to restart the Puppet services, they're controlled as part of Satellite 6 Capsule, which means you need to restart the foreman-proxy service. This should also restart any other Capsule-controlled services too (DNS, DHCP, etc)

Hey Daniel,

Awesome videos, thank you so much! Any plans for doing more videos on RH satellite 6? Quick question, why am I getting "rhel-7-server-satellite-6.0-rpms does not match a valid repository ID"? When I do "subscription-manager repos --list | grep 'satellite' " all I get is satellite-tools rpms but not actual server-satellite-6.0 rpm.

Thanks

Thanks for the kind words! There are plans to produce more. I'm even looking at updating the existing videos for Satellite 6.2.x.

As for the repository issue, it sounds like you've got a standard RHEL subscription attached to the server and not a Satellite subscription. You might need to check what subscriptions you have attached and what subscriptions you have available.

To check what's currently attached:

$ subscription-manager list --consumed

And to check what is available:

$ subscription-manager list --all --available

I have a hunch that when you registered the system, subscription-manager auto-attached a standard RHEL subscription. If so the solution is to remove the current subscription and replace with the Satellite one.

$ subscription-manager remove --all
$ subscription-manager attach --pool=POOLID

(Where POOLID is the ID of the subscription you want to attach, which you get with the previous subscription manager list --all --available command)

Hope this helps. Let me know if you have any further issues.

Thanks Daniel for quick response. Yup you were correct, I had auto-attach on subscription manager, however not when I do subscription-manager list --consumed I do not see under Provides "satellite repos" :/ ... And on the portal when I click subscription I get following: Internal Server Error - Read

The server encountered an internal error or misconfiguration and was unable to complete your request. Reference #3.4e89fea5.1496326788.1b55e905

Thanks, dtomic. Sounds like there might be an issue with your subscription. I recommend opening a support ticket so we can investigate what's happening with your subscription.

so when run subscription-manager list --available Subscription Name: Red Hat Enterprise Linux Developer Suite

I apologize for being ignorant, I have downloaded RH7.3 enterprise and trying to get satellite repos. Am I doing it wrong? How do I change Subscription name to "Rad Hat Satellite" ...Please help

Try:

$ subscription-manager list --all --available 

And let me know what subscriptions come up.

Subscription Name: Red Hat Enterprise Linux Developer Suite

Provides: Red Hat Software Collections (for RHEL Server)

                        Red Hat Container Development Kit    MRG Realtime

                 Red Hat EUCJP Support (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux Server - Extended Update Support   Red Hat Beta

                 Oracle Java (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux High Performance Networking (for RHEL Compute Node)


                 Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux Resilient Storage (for RHEL Server)

                 Oracle Java (for RHEL Server)

                 Red Hat Container Images

                 Red Hat Enterprise Linux for Real Time

                 dotNET on RHEL (for RHEL Server)

                 Red Hat Enterprise Linux Atomic Host

                 Red Hat S-JIS Support (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux Scalable File System (for RHEL Server)

                 Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux Atomic Host Beta

                 Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support

                 Red Hat Container Images Beta

                 Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support

                 Red Hat Enterprise Linux Server

                 Red Hat Enterprise Linux High Availability (for RHEL Server)

                 Red Hat Software Collections Beta (for RHEL Server)

                 Red Hat Enterprise Linux Load Balancer (for RHEL Server)

                 Red Hat Enterprise Linux High Performance Networking (for RHEL Server)

                 Red Hat Developer Toolset (for RHEL Server)

SKU: RH2262474

Contract: Pool ID: 8a85f9815c45d9b7015c45dbc565035e

Provides Management: Yes

Available: 98

Suggested: 1

Service Level: Self-Support

Service Type: L1-L3

Subscription Type: Standard

Ends: 05/25/2018

System Type: Virtual

Okay, there's definitely no Satellite subscription there. You might need to contact our customer service team regarding this.

yup, thank you sir!!!

Awesome video series! Any plans to continue this please?

Great, Daniel! This is an excellent way to share your knowledge. Thanks for your post.

This is great. Since Ansible is now part of the Red Hat family, how about videos showing how to better combine Satellite and Ansible?

Great videos Dan. Looking forward to a couple of things. Your (brief but on the head) description of the capsule concept was great to clarify the difference between a v6 capsule and a v5 proxy (definitely not the same). Would appreciate updating the slides to show the change in WebUI which has changed a lot since 6.0 through 6.3.3 and again now in the 6.4 beta. Also some discussion on issues faced in large corporates where you may not have: - dns control - dhcp control - vm farm control - no PXE capabaility and effectively all deployments become bare metal boot using kick start URL

Thanks again for your efforts!

I second Gunther suggestion. large corporates and enterprises where infrastructure and operations teams could be several not a single entity/team, and where Satellite could most likely be disconnected. scalability issues especially when Puppet, provisioning and patching are all in use.

Maybe talk about Katello-execution vs non-katello-execution. I've ran into an age old bug which has never been resolved. Their solution is not use katello-execution. Basically allow root login access. Well that's a no-no in some environments including PCI.

Honestly there are so many bolts and gears within Satellite that these sessions would be helpful.

I'm building our first satellite deployment. Right now all we want to do is register systems against it and to use it to keep these servers patched. A video covering this would be great!!