1.5. Prerequisites
Red Hat Satellite is only supported on either:
- Red Hat Enterprise Linux 6 Server
- Red Hat Enterprise Linux 7 Server
Important
- Red Hat Satellite Server requires Red Hat Enterprise Linux installations with the @Base package group with no other package-set modifications, and without third-party configurations or software that is not directly necessary for the direct operation of the server. This restriction includes hardening or other non-Red Hat security software. If such software is required in your infrastructure, install and verify a complete working Satellite Server first, then create a backup of the system before adding any non-Red Hat software.
- Your subscription-manager 'Release' field must be set to 6Server or 7Server in order to receive the latest version of Red Hat Enterprise Linux and Red Hat Satellite during the installation. Set the field by using the command:
subscription-manager release --set=Release
Only release versions 6Server and 7Server are supported by Red Hat Satellite.
- There should be at least one networked host with the following minimum specifications:
- 64-bit architecture
- Red Hat Enterprise Linux 6.5 or later
- A minimum of two CPU cores, but four CPU cores are recommended.
- A minimum of 8 GB memory but ideally 12 GB of memory for each instance of Satellite. Use 4 GB of swap space where possible.
- No Java virtual machine installed on the system; remove any that exist.
- No Puppet RPM files installed on the system.
- No third-party unsupported yum repositories enabled. Third-party repositories may offer conflicting or unsupported package versions that may cause installation or configuration errors.
- A current Red Hat Network subscription.
- Administrative user (root) access.
- Full forward and reverse DNS resolution using a fully qualified domain name. Ensure that hostname and localhost resolve correctly, using the following commands:
# ping -c1 localhost
# ping -c1 `hostname -s` # my_system
# ping -c1 `hostname -f` # my_system.domain.com
Important
Browser support is divided into 4 levels:
- Level 1: Fully supported preferred browsers for ideal experience.
- Level 2: Mostly supported. The interface functions, but some design elements, UI controls and layout may be misaligned, and performance may be degraded.
- Level 3: Design elements may not align correctly.
- Level 4: Unsupported
Table 1.1. Supported Browser Matrix
Browser | Version | Support Level |
---|---|---|
Firefox | 3.6 | L3 |
Firefox | 17, 18, 19, 20 | L4 |
Firefox | 21 | L2 |
Firefox | 22, 23, 24 | L1 |
Firefox | Latest | L1 |
Chrome | 19, 20 | L4 |
Chrome | 21, 27 | L2 |
Chrome | Latest | L1 |
Internet Explorer | 7, 8 | L4 |
Internet Explorer | 9, 10, 11 | L2 |
Safari | ALL | L4 |
Note
Satellite Server storage specifications are as follows:
- A minimum of 6 GB storage for base operating system installation of Red Hat Enterprise Linux
- A minimum of 400 MB storage for the Red Hat Satellite 6 software installation
- A minimum of 20 GB storage for each unique software repository. Packages that are duplicated in different channels are only stored once on the disk. Additional repositories containing duplicate packages will require less additional storage. The bulk of storage resides on the /var/lib/mongodb and /var/lib/pulp directories. These end points are not manually configurable. Make sure that storage is available on the /var file system to prevent storage issues.
- A minimum of 2 GB of available storage in /var/lib/pgsql with the ability to grow the partition containing this directory as data storage requirements grow.
Note
Satellite Server application installation specifications are as follows:
- Start the ntpd service and have it persist across restarts:
# service ntpd start; chkconfig ntpd on
- Start the chronyd service and have it persist across restarts:
# systemctl start chronyd; systemctl enable chronyd
The following network ports need to be open and free before continuing with the installation:
Table 1.2. Required Network Ports
Port | Protocol | Service |
---|---|---|
443 | tcp | HTTPS |
5671 | tcp | SSL |
80 | tcp | HTTP |
8080 | tcp | Tomcat6 |
8140 | tcp | Puppet |
9090 | tcp | Foreman Smart Proxy |
Use the iptables command to configure the firewall, or the system-config-firewall-tui command-line utility. To modify the firewall with the iptables command:
- Port 443 for HTTPS (secure WWW) must be open for incoming connections.
- Port 5671 must be open for SSL communication with managed systems.
- Port 80 for HTTP (WWW) must be open to download the bootstrap files.
- Port 8080 for TCP must be free for Java connections.
- Port 8140 must be open for incoming Puppet connections with the managed systems.
- Port 9090 must be open for Foreman Smart Proxy connections with the managed systems.
- Run the following commands to configure the firewall with the iptables command and to make these rules persistent during reboots:
Note
Run the firewall commands as the root user.
- For Red Hat Enterprise Linux 6:
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \
&& iptables -I INPUT -m state --state NEW -p tcp --dport 5671 -j ACCEPT \
&& iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT \
&& iptables -I INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT \
&& iptables -I INPUT -m state --state NEW -p tcp --dport 9090 -j ACCEPT \
&& iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
&& iptables-save > /etc/sysconfig/iptables
- For Red Hat Enterprise Linux 7:
firewall-cmd --permanent --add-port="443/tcp" --add-port="5671/tcp" --add-port="80/tcp" --add-port="8140/tcp" --add-port="9090/tcp" --add-port="8080/tcp" \
&& firewall-cmd --complete-reload
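The two conditions above (each Table 1.2 port allowed through the firewall, and none already bound by another service) can be checked before installation. The following script is an added example, not part of the Red Hat documentation; the function names and sample data are constructed for illustration, and it assumes the firewall lists ports individually rather than as ranges.

```sh
#!/bin/sh
# Added example (not from the Satellite documentation): audit the Table 1.2 ports.
REQUIRED_PORTS="443 5671 80 8080 8140 9090"

# missing_firewall_ports "<output of: firewall-cmd --list-ports>"
# Prints the required TCP ports the firewall does not yet allow.
# Assumption: ports are listed individually (PORT/tcp), not as ranges.
missing_firewall_ports() (
    allowed=" $(printf '%s' "$1" | tr '\n\t' '  ') "
    missing=""
    for port in $REQUIRED_PORTS; do
        case "$allowed" in
            *" $port/tcp "*) ;;
            *) missing="$missing $port" ;;
        esac
    done
    echo "${missing# }"
)

# busy_required_ports "<output of: ss -tln>"
# Prints the required ports that already have a TCP listener and so are not free.
busy_required_ports() (
    # Field 4 is "Local Address:Port"; the port is whatever follows the last colon.
    listening=$(printf '%s\n' "$1" |
        awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }')
    busy=""
    for port in $REQUIRED_PORTS; do
        if printf '%s\n' "$listening" | grep -qx "$port"; then
            busy="$busy $port"
        fi
    done
    echo "${busy# }"
)

# Constructed sample data standing in for the two commands' real output.
SAMPLE_FIREWALL="443/tcp 5671/tcp 80/tcp 8140/tcp"
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      100    :::8080             :::*
LISTEN 0      128    127.0.0.1:25        *:*'

echo "Not yet allowed by the firewall: $(missing_firewall_ports "$SAMPLE_FIREWALL")"
echo "Required ports already in use:   $(busy_required_ports "$SAMPLE_SS")"
```

On a real host, pass the output of `firewall-cmd --list-ports` and `ss -tln` in place of the sample variables; both results should be empty before the installer is run.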
The following tables provide details about the network connections made to and from the Red Hat Satellite Server.
Table 1.3. Advanced Firewall Considerations with a Red Hat Satellite Server
Flow | Action | Initiator | Initiator Detail | Endpoint | Endpoint Detail | Port | Protocol | SELinux Type |
---|---|---|---|---|---|---|---|---|
Capsule Registration | Capsule Registration (Content Host) | Capsule | subscription-manager | Satellite Server | Apache | 443 | https | http_port_t |
Capsule Registration | Capsule Registration (Smart Proxy) | Capsule | Smart Proxy | Satellite Server | Passenger | 8443/9090 | https | http_port_t, websm_port_t |
Capsule Registration | Broker Connections | Capsule | AMQP Broker | Satellite Server | AMQP Broker | 5671 | amqp | amqp_port_t |
Content Promotion | Initiation | Server | AMQP Broker | Capsule | AMQP Broker | 5671 | amqp | amqp_port_t |
Content Promotion | Content Mirroring | Capsule | Pulp Node | Server | Apache | 443 | https/http | http_port_t |
Puppet Run | Manifest Request | Client | Puppet Agent | Capsule | Puppet Master | 8140 | https | puppet_port_t |
Puppet Run | External Node Classification | Capsule | Puppet Master | Server | Passenger | 443 | https | http_port_t |
Puppet Run | Run Report | Capsule | Puppet Master | Server | Passenger | 443 | https | http_port_t |
Provisioning | IP/TFTP/Etc | Server | Passenger | Capsule | Smart Proxy | 8140/8443/9090 | https | puppet_port_t, http_port_t, websm_port_t |
Provisioning | Installation | Client | Anaconda/Yum | Capsule | Pulp Node | 8443/80 | https/http | http_port_t |
Provisioning | Installation Templates | Client | Anaconda | Server | Passenger | 443/80 | https/http | http_port_t |
Orchestration | DNS records | Capsule | nsupdate | DNS server | bind | 53 | dns | dns_port_t |
Orchestration | DHCP records | Capsule | omapi | DHCP server | ISC dhcp | 7911 | omapi | dhcp_port_t |
Yum Run | Yum Execution | Client | Yum | Capsule | Apache | 8443/80 | https/http | http_port_t |
Power Management | BMC On/Off/Cycle/Status | Capsule | User Initiated API/UI | Client | IPMI Device | n/a | ipmi | n/a |
Table 1.4. Advanced Firewall Considerations without a Red Hat Satellite Capsule Server
Flow | Action | Initiator | Initiator Detail | Endpoint | Endpoint Detail | Port | Protocol | SELinux Type |
---|---|---|---|---|---|---|---|---|
Subscription Management | Subscription-Manager-Execution | Client | subscription-manager | Satellite Server | Passenger | 443 | https | http_port_t |
Subscription Management | Action Initiation | Server | AMQP Broker | Client | katello-agent | 5671 | amqp | amqp_port_t |
Subscription Management | Installation/Removal/Update | Client | Anaconda/Yum | Capsule | Apache | 8443/80 | https/http | http_port_t |
Provisioning | Installation Templates | Client | Anaconda | Server | Passenger | 443/80 | https/http | http_port_t |
Compute Resources | Fog interactions (query/create destroy/etc) | Server | Fog | Compute Resource | Openstack | 5000 | http | commplex_main_port_t |
Compute Resources | Fog interactions (query/create destroy/etc) | Server | Fog | Compute Resource | EC2 | 443 | https | http_port_t |
Compute Resources | Fog interactions (query/create destroy/etc) | Server | Fog | Compute Resource | oVirt | 443 | https | https_port_t |
Compute Resources | Fog interactions (query/create destroy/etc) | Server | Fog | Compute Resource | Libvirt | 22/16514 | ssh/tls | ssh_port_t, virt_port_t |
Red Hat recommends that the SELinux policy on Satellite 6 systems be set to enforcing.
Important
Red Hat recommends that the sos package is installed on Satellite. The sos package provides the sosreport command. The sosreport command is a tool that collects configuration and diagnostic information from a Red Hat Enterprise Linux system and is used to provide the initial analysis of a system required when opening a service request with Red Hat Technical Support.
# yum install sos