10.5. Organizational Trusts

Organizations can share their resources with each other by establishing an organizational trust. Organizational trusts are defined by the Satellite Administrator and implemented by the Organization Administrator. Once a trust has been established between two or more organizations, the Organization Administrator from each organization is free to share as much or as little of their resources as they require. It is up to each Organization Administrator to determine what resources to share, and what shared resources from other organizations in the trust relationship to use.
Each individual relationship is unique and mutually exclusive from other trust relationships. For example, if the Accounting Organization trusts the Finance Organization, and the Finance Organization trusts the Facilities Organization, Accounting will not trust Facilities unless a separate trust relationship is defined between them.

Figure 10.3. Organizational Trusts

Procedure 10.2. Establishing an Organizational Trust

A Satellite Administrator can create a trust between two or more organizations. To do this, perform the following steps:
  1. Select the Organizations link in the menu on the Admin main page.
  2. Click the name of one of the organizations and within the Details page, click the Trusts tab.
  3. On the Trusts tab, there is a listing of all the other trusts on the RHN Satellite. If you have a long list of organizations, use the Filter by Organization text box to sort them.
  4. Click the checkbox next to the names of the organizations you want to be in the organizational trust with the current organization.
  5. Click the Modify Trusts button to create the trust.
Once an organizational trust has been established, organizations can share custom software channels with the other organizations in the trust. There are three levels of channel sharing that can be applied to each channel for access control:
  • Private: Make the channel private so that it cannot be accessed by any organizations except the owning organization.
  • Protected: Allow the channel to be accessed by specific trusted organizations of your choice.
  • Public: Allow all organizations within the trust to access the custom channel.
Trusted organizations that are granted access to the custom content using either protected or public access modes can allow their client systems to install and update packages from the shared channel. Subscription access can be lost when any of the following events occur:
  • The Satellite Administrator removes the trust relationship
  • The Organization Administrator changes channel access to private
  • The Organization Administrator changes channel access to protected and does not include the subscribed system's organization in the protected list
  • The Organization Administrator deletes the shared channel directly
  • The Organization Administrator deletes the parent channel of a shared child channel

Note

All Red Hat software channels are managed through entitlements. Organization Administrators cannot share Red Hat Channels because they are available to all organizations that have entitlements to those channels. The Satellite Administrator is responsible for assigning Red Hat software channel entitlements to each organization.

Procedure 10.3. Migrating Systems

In addition to sharing software channels, organizations in a trust can migrate systems to other trusted organizations by using the migrate-system-profile utility. The utility is executed from the command line, and uses systemID and orgID to specify the system migration and its destination organization. The Satellite Administrator can migrate a system from any trusted organization to any other in the trust. However, Organization Administrators can only migrate a system from their own organization to another in the trust.
The migrate-system-profile command requires the spacewalk-utils package to be installed, which is usually installed by default with RHN Satellite. When an organization migrates a system with the migrate-system-profile command, the system does not carry over any of the previous entitlements or channel subscriptions from the source organization. However, the system's history is preserved, and can be accessed by the new Organization Administrator in order to simplify the rest of the migration process, which includes subscribing to a base channel and granting entitlements.
  1. Execute the command using the following format:
    migrate-system-profile --satellite SATELLITE HOSTNAME OR IP --systemId=SYSTEM ID --to-org-id=DESTINATION ORGANIZATION ID
    For example, the Finance department (created as an organization in RHN Satellite with OrgID 2) wants to migrate a workstation (with SystemID 10001020) from the Engineering department, but the Finance Organization Administrator does not have shell access to the RHN Satellite server. The RHN Satellite hostname is satserver.example.com. The Finance Organization Administrator would type the following from a shell prompt:
    migrate-system-profile --satellite satserver.example.com --systemId=10001020 --to-org-id=2
    
    The utility then prompts for a username and password.
  2. The system can then be viewed from the Systems page when logged in to the RHN Satellite web interface. The migration process is completed by assigning a base channel and granting entitlements to the client, as for any other system registered to the organization. The system's preserved history is available from its History page in the Events tab.

    Figure 10.4. System History

  3. Satellite Administrators that need to migrate several systems at once can use the --csv option of migrate-system-profile to automate the process using a simple comma-separated list of systems to migrate.
    Each line in the CSV file should contain the ID of the system to be migrated and the destination organization's ID, in the following format:
    systemId,to-org-id
    
    The systemId could be, for example, 1000010000, while the to-org-id could be 3. An example CSV would look like the following:
    1000010000,3
    1000010020,1
    1000010010,4
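
A pre-flight check for the CSV file described in step 3, added here as an example (it is not part of the Red Hat documentation or of spacewalk-utils). Because a migrated system becomes manageable by the destination Organization Administrator, it rejects malformed rows, duplicate system IDs, and destination organizations outside a list you supply. The function names and the expected-organization list are assumptions introduced for illustration.

```sh
# Added example: pre-flight check for a migrate-system-profile CSV file.
# Usage: validate_migration_csv FILE "ORG_ID ORG_ID ..."
#   FILE    rows of the form systemId,to-org-id
#   arg 2   destination org IDs you expect (assumption: a list you maintain
#           yourself of organizations in the trust)
# Prints one line per problem; returns 0 if clean, 1 if not, 2 if unreadable.
validate_migration_csv() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -F',' -v allowed="$2" '
        BEGIN { bad = 0; n = split(allowed, a, " ")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/\r$/, "") }              # tolerate CRLF line endings
        /^[ \t]*$/ { next }             # skip blank lines
        NF != 2 {
            printf "line %d: expected systemId,to-org-id, got %d fields\n", NR, NF
            bad = 1; next
        }
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ {
            printf "line %d: IDs must be numeric: %s\n", NR, $0
            bad = 1; next
        }
        ($1 in seen) {
            printf "line %d: system %s already listed on line %d\n", NR, $1, seen[$1]
            bad = 1; next
        }
        !($2 in ok) {
            printf "line %d: org %s is not an expected destination\n", NR, $2
            bad = 1
        }
        { seen[$1] = NR }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the three rows from the example above plus a duplicate
# system ID and a non-numeric ID. Expected result: two problems, status 1.
demo_migration_check() {
    demo_csv=$(mktemp) || return 2
    printf '%s\n' '1000010000,3' '1000010020,1' '1000010010,4' \
                  '1000010000,4' '10000100x0,3' > "$demo_csv"
    validate_migration_csv "$demo_csv" "1 3 4"
    demo_rc=$?
    rm -f "$demo_csv"
    return "$demo_rc"
}
```

Run the check before handing the file to the --csv option, and treat any non-zero status as a reason not to start the batch.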