What will replace katello-disconnected?
Hi All,
I work in environments with disconnected networks. I recently set up a satellite 6.1.1 server and a synchost to sync the content from redhat and then perform an export to use to provide content for the disconnected satellite.
I noticed that the most recent Satellite Install document does not include information on setting up a synchost and the previous version indicates that the synchost will be deprecated in a future release of satellite.
I am aware that there are content ISOs available, however they appear to be out of date. Our environment has security requirements that must be met. We sometimes get 7 day turn-around for patching. Also, it will be a big deal to download hundreds of GIGs of content ISOs every week, instead of just syncing a connected satellite synchost.
Therefore, the question is, what is Red Hat's plan going forward?
Will an export functionality be added to satellite V6 so it can perform an export similar to Satellite V5 was able to do?
Will the content ISOs be updated more frequently?
Or Is there some other solution that Red Hat plans to engineer or provide to those of us who want to use satellite on disconnected networks.
Thanks
Diane
Responses
Guru
6827 points
Diane, (I'm only addressing content ISOs, namely Satellite ISO channel dumps for disconnected satellites). I hope this does address some portion of what you are asking...
My customers have been using eight total disconnected satellites for years. We use/rely on ISO channel dumps. At one time Red Hat was going to have Satellite 6 customers soley rely on CDN delivery, however various customers that rely on ISO channel dumps (including my customers), put in feature requests to keep/sustain ISO channel dumps for Satellite v6.x. Gladly, Red Hat told us they would continue to provide ISO channel dumps, and they did make their Satellite 6.x channels available, see this link.
We have very compelling reasons to keep our eight satellite servers disconnected and we do not place a public-facing satellite server or CDN server to acquire updates. We use Base & Incremental channels.
formatting is currently broken, ergo this code bit for a break in thought...
So we did face excessive delays with Satellite 5.x Base and Incremental channels being released on a timely basis. When we complained via support tickets, we discovered there was a bug that Red Hat was working on to get their process for Base/Incremental channels resolved (two separate incidents, both had very excessive delays). By the way, at the moment, while Satellite 6.x Base Channels are available, there seems to be a delay with incremental channels.
See that discussion area. I recommend putting in a case with Red Hat support expressing in clear terms the need for the incremental channels from a security standpoint (that's what we did, and we elevated it, and I'm understating this matter completely) if you are suffering in a similar way where you have base channels but no incrementals.
From what I see, it seems Base channels were released for satellite 6 in August or so (but no incremental channels), and here we are in December and (as I type this). See that discussion.
Red Hat
Guru
2300 points
Quote:
I noticed that the most recent Satellite Install document does not include i
nformation on setting up a synchost and the previous version indicates
that the synchost will be deprecated in a future release of satellite.
That was an omission from the 6.1 docs. The docs are updated now.
Quote:
Therefore, the question is, what is Red Hat's plan going forward?
Will an export functionality be added to satellite V6 so
it can perform an export similar to Satellite V5 was able to do?
In a future release of Satellite, the functionality that comprises katello-disconnected will become part of Satellite itself. Thus, the sync host (as a separate server) will go away, and Satellite will do this functionality natively, to include incremental exports of content.
Bump on the "need incremental updates in the form of rolled-up ISOs for more than base channels". Wouldn't hold my breath there, though -- this has been requested by a lot of people for a number of years with zero visible progress. It's not much of a reach to guess that ISOs is not RH's preferred solution to this issue.
On embedding sync-host capability in Satellite: If sync functionality moves into Satellite then a Satellite install, subscription, and license will be required both in the network space where the sync occurs and in the network space where the disconnected hosts reside. Either that, or we'd have to move the Satellite install outside of disconnected space and sneakernet/homebrew a different provisioning solution inside disconnected space. Which would certainly be doable, just not with anywhere near the functionality which led us to consider Satellite in the first place.
Red Hat
Guru
2300 points
You can get two Satellites for this purpose. What is generally done by a number of our customers is they'd use a Satellite on the (low) internet connected side to export content for the Satellite on the (high) disconnected side.
This workflow is described in Red Hat Satellite 6.2 Feature Overview: Inter-Satellite Sync. In many cases this is done by using the Satellite Starter Pack subscription (which is discounted) on the Internet connected side since it is managing few or no systems. (Starter Packs are limited to 50 systems)
On the topic of Incremental Content ISOs, see this RFE. We still intend to deliver incremental Content ISOs.
Assuming some future point when Content ISOs are available, you are always going to worry about the release cadence. If your requirements are that you need to address certain classes of errata in a very short period of time (say, critical erratum that needs to be addressed in <24 hours), having a Satellite you can control & export from might be a better solution.
I just finished taking the RH403-RHS6.2.1 class, and it inferred that the katello-disconnected functionality was going away and was being replaced by the ISO updates. I'm glad to hear that this is not the case, but someone should update the Class documentation in Chapter 1 about Synchronizing Red Hat content.
If you have available systems connected to the internet in the various versions of Red Hat (5/6/7), the poor-man's solution could be to run 'reposync' from each of those hosts and sneakernet the resulting packages up to your disconnected satellite. You could make it function much like an incremental export by only transferring files that were sync'd on that day. You would then only need to run 'createrepo --update' on the disconnected side after your new packages are added to your staging location. You would need to be sure to gather your 'comps.xml' and 'updateinfo.xml' files from the source-side as well to include when you rebuild your repository metadata.
Otherwise, as Rich stated, there is now incremental export functionality built into Satellite 6.2. Although, I see that this thread is quite old and you've surely worked this out by now.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.