Red Hat Training

A Red Hat training course is available for Red Hat Satellite

10.5. Organizational Trusts

Organizations can share their resources with each other by establishing an organizational trust. Organizational trusts are defined by the Satellite Administrator and implemented by the Organization Administrator. Once a trust has been established between two or more organizations, the Organization Administrator from each organization is free to share as much or as little of their resources as they require. It is up to each Organization Administrator to determine what resources to share, and what shared resources from other organizations in the trust relationship to use.
Each individual relationship is unique and mutually exclusive from other trust relationships. For example, if the Accounting Organization trusts the Finance Organization, and the Finance Organization trusts the Facilities Organization, Accounting will not trust Facilities unless a separate trust relationship is defined between them.
Organizational Trusts

Figure 10.3. Organizational Trusts

Procedure 10.2. Establishing an Organizational Trust

A Satellite Administrator can create a trust between two or more organizations. To do this, perform the following steps:
  1. Select Organizations link on the menu on the Admin main page.
  2. Click the name of one of the organizations and within the Details page, click the Trusts tab.
  3. On the Trusts tab, there is a listing of all the other trusts on the RHN Satellite. If you have a long list of organizations, use the Filter by Organization text box to sort them.
  4. Click the checkbox next to the names of the organizations you want to be in the organizational trust with the current organization.
  5. Click the Modify Trusts button to create the trust.
Once an organizational trust has been established, organizations can share custom software channels with the other organizations in the trust. There are three levels of channel sharing that can be applied to each channel for access control:
Private
Make the channel private so that it cannot be accessed by any organizations except the owning organization.
Protected
Allow the channel to be accessed by specific trusted organizations of your choice.
Public
Allow all organizations within the trust to access the custom channel.
Trusted organizations that are granted access to the custom content using either protected or public access modes can allow their client systems to install and update packages from the shared channel. Subscription access can be lost when any of the following events occur:
  • The Satellite Administrator removes the trust relationship
  • The Organization Administrator changes channel access to private
  • The Organization Administrator changes channel access to private and does not include the subscribed system's organization in the protected list
  • The Organization Administrator deletes the shared channel directly
  • The Organization Administrator deletes the parent channel of a shared child channel

Note

All Red Hat software channels are managed through entitlements. Organization Administrators cannot share Red Hat Channels because they are available to all organizations that have entitlements to those channels. The Satellite Administrator is responsible for assigning Red Hat software channel entitlements to each organization.

Procedure 10.3. Migrating Systems

In addition to sharing software channels, organizations in a trust can migrate systems to other trusted organizations by using the migrate-system-profile utility. The utility is executed from the command line, and uses systemID and orgID to specify the system migration and its destination organization. The Satellite Administrator can migrate a system from any trusted organization to any other in the trust. However, Organization Administrators can only migrate a system from their own organization to another in the trust.
The migrate-system-profile command requires the spacewalk-utils package to be installed, which is usually installed by default with RHN Satellite. When an organization migrates a system with the migrate-system-profile command, the system does not carry over any of the previous entitlements or channel subscriptions from the source organization. However, the system's history is preserved, and can be accessed by the new Organization Administrator in order to simplify the rest of the migration process, which includes subscribing to a base channel and granting entitlements.
  1. Execute the command using the following format:
    migrate-system-profile --satellite SATELLITE HOSTNAME OR IP --systemId=SYSTEM ID --to-org-id=DESTINATION ORGANIZATION ID
    For example, the Finance department (created as an organization in RHN Satellite with OrgID 2) wants to migrate a workstation (with SystemID 10001020) from the Engineering department, but the Finance Organization Administrator does not have shell access to the RHN Satellite server. The RHN Satellite hostname is satserver.example.com. The Finance Organization Administrator would type the following from a shell prompt:
    migrate-system-profile --satellite satserver.example.com --systemId=10001020 --to-org-id=2
    
    The utility then prompts for a username and password.
  2. The system can then be viewed from the Systems page when logged into the RHN Satellite web interface. The migration process is completed by assigning a base channel and granting entitlements to the client for any other system registered to the organization, available from the system's History page in the Events tab.
    System History

    Figure 10.4. System History

  3. Satellite Administrators that need to migrate several systems at once can use the --csv option of migrate-system-profile to automate the process using a simple comma-separated list of systems to migrate.
    A line in the CSV file should contain the ID of the system to be migrated as well as destination organization's ID in the following format:
    systemId,to-org-id
    
    The systemId, for example could be 1000010000, while the to-org-id could be 3. An example CSV would look like the following:
    1000010000,3
    1000010020,1
    1000010010,4