Red Hat Training

A Red Hat training course is available for Red Hat Satellite

3.3. Scenario 3: Installing Satellite with External Database

This scenario details the steps for an External Database Installation. You would use an External Database Installation to use Red Hat Satellite with existing database infrastructure and to keep the database separate from the Satellite server.
This scenario requires two hosts:

3.3.1. External Database Requirements

The External Database version of Red Hat Satellite requires additional hardware considerations. This section specifies these requirements when installing the Red Hat Satellite server and connecting to an external database.
Red Hat supports Red Hat Satellite installations on a External Database using one of the following:
  • PostgreSQL 9.5
  • Oracle Database 12c Standard and Enterprise Edition
  • Oracle Database 11g Standard and Enterprise Edition
  • Oracle Database 10g Release 2 Standard and Enterprise Edition
Ensure the External Database runs on a different server to the Red Hat Satellite.


Red Hat Satellite 5.8 supports various database migrations specified in Section 12.8, “Migrating the Database”.


Red Hat does not provide support or tools for External Database maintenance. This includes backups, upgrades, and database tuning. Customers using an External Database require their own database administrator to support and maintain the database. PostgreSQL Database Requirements

Red Hat Satellite requires the following packages installed on the Red Hat Enterprise Linux system chosen to host the PostgreSQL External Database:
  • rh-postgresql95
  • rh-postgresql95-postgresql
  • rh-postgresql95-postgresql-contrib
  • rh-postgresql95-postgresql-libs
  • rh-postgresql95-postgresql-server
  • rh-postgresql95-postgresql-pltcl


These packages may include dependencies that also need to be installed.
To install these packages on Red Hat Enterpise Linux, log in to your External Database host and run the following command:
# subscription-manager repos --enable=rhel-server-rhscl-6-rpms
# yum install rh-postgresql95 rh-postgresql95-postgresql rh-postgresql95-postgresql-contrib rh-postgresql95-postgresql-libs rh-postgresql95-postgresql-server rh-postgresql95-postgresql-pltcl
This adds the Red Hat Software Collections repository to your system. This repository contains the necessary PostgreSQL packages.
Initialize and start the database:
# service rh-postgresql95-postgresql initdb
# service rh-postgresql95-postgresql start
# chkconfig rh-postgresql95-postgresql on
Switch to the postgres user and run PostgreSQL through the Software Collections tool:
# su postgres
bash-4.1$ scl enable rh-postgresql95 'psql'
Create the Satellite database, Satellite database user, and enable the plpgsql and pltclu languages:
postgres=# CREATE USER mydbuser WITH PASSWORD 'mydbpassword';
postgres=# ALTER USER mydbuser WITH SUPERUSER;
postgres=# CREATE DATABASE mydb OWNER mydbuser;
postgres=# \connect mydb
mydb=# CREATE EXTENSION plpgsql;
mydb=# CREATE EXTENSION pltclu;
mydb=# \q


The mydb, mydbuser, and mydbpassword values are used for example purposes. Substitute these values for your own to secure the database.
Switch back to the root user and edit the /var/opt/rh/rh-postgresql95/lib/pgsql/data/pg_hba.conf file:
bash-4.1$ exit
# vi /var/opt/rh/rh-postgresql95/lib/pgsql/data/pg_hba.conf
Add a line to allow access to the database from your Satellite server. For example:
host mydb mydbuser md5
This example allows remote access to the mydb database using the mydbuser from any system on the network. The accepted authentication must also use an MD5-encrypted password.
Add or edit the following parameters in the configuration file /var/opt/rh/rh-postgresql95/lib/pgsql/data/postgresql.conf.
listen_addresses = '*'
bytea_output = 'escape'
The listen_addresses parameter opens communication to the database from other systems. The bytea_output parameter sets the correct encoding for bytea datatypes. Without this parameter, Satellite's Taskomatic service fails.
Restart the PostgreSQL server for these changes to take effect:
# service rh-postgresql95-postgresql restart Oracle Database Requirements

The Oracle database should have a user assigned to Red Hat Satellite with full DDL and DML access to that user's default tablespace. The user needs standard connection information for the database at the time of installation.
The explicit access levels required by the Oracle database user are as follows:


Database administrators must grant these privileges explicitly to the Satellite database user and not through a role.
Additional database requirements include:
  • Security Identifier (SID)
  • Listener Port
  • Username
  • UTF-8 character set


Ensure that the NLS_CHARACTERSET setting is set to "UTF8" when using an external database, not 'AL32UTF8' or other charsets. Using other charsets may lead to problems later.
Red Hat Satellite does not use the NLS_NCHAR_CHARACTERSET setting. Leave this setting as the default 'AL16UTF16'.
Two additional suggested recommendation for user's default tablespace include:
  • Uniform Extent Size
  • Auto Segment Space Management
The disk layout on the database machine is independent of Red Hat Satellite and entirely up to the customer.


Red Hat supports Red Hat Satellite's interactions with an external, third-party (such as Oracle) database as long as the external, third-party database is configured per Red Hat's documentation. Red Hat supports any Red Hat Satellite version-specific schema, package, tool or instruction set provided by Red Hat and designed to be used with a third-party database.
Customized database configuration can cause installation to fail. For example, the application of a strict tablespace quota on the Satellite database user can cause installation problems. As a result, Red Hat does not support general setup, maintenance, or troubleshooting of a third-party database outside of express interaction with Red Hat Satellite.

3.3.2. Downloading the Installation Media

The Satellite 5.8 installation media is available for download from the Red Hat Customer Portal in ISO format.

Procedure 3.14. Download the Installation Media

  1. Log on to the Customer Portal.
  2. Click Downloads.
  3. Click Red Hat Satellite.
  4. Select 5.8 for RHEL 6 from the Versions drop-down list.
  5. Select x86_64 or s390x from the Architecture list.
  6. Download the Red Hat Satellite 5.8 Binary DVD.
  7. Depending on your preferred installation source, either copy the DVD ISO image to the Satellite host, or burn it to DVD media.
    1. If you will be mounting the ISO image and running the installation program from there, copy the ISO image to the Satellite host.
      # scp satellite.iso root@hostname:/root


      If you will be installing a Managed DB instance, also copy the ISO image to that host.
    2. If you will be mounting a DVD and running the installation program from there, burn the DVD ISO image to DVD media.

3.3.3. Mounting the Installation Media

Mount the disc or ISO image on the server chosen to host Red Hat Satellite.

Procedure 3.15. Mounting from a disc

  1. Log into the machine as root.
  2. Insert the Red Hat Satellite Server CD or DVD containing the installation files.
  3. Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the /media/cdrom/ directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the /media/cdrom/ directory with the following command:
    # mkdir /media/cdrom
    # mount /dev/cdrom /media/cdrom

Procedure 3.16. Mounting from an ISO image

  1. Log into the host as root.
  2. Mount the ISO image to a location on your filesystem:
    # mkdir /media/cdrom
    # mount -o loop iso_filename /media/cdrom
The installation media is mounted at /media/cdrom/. Use this location to access the Red Hat Satellite installation program.

3.3.4. Generating a Manifest

In previous versions of Red Hat Satellite 5, details of product subscriptions and content repositories were contained in a Satellite Certificate. You downloaded the certificate from the Red Hat Customer Portal and imported it into Satellite. From Satellite 5.8, all content and subscriptions are hosted by the Red Hat Content Delivery Network (CDN), replacing Red Hat Network.
The Red Hat Customer Portal enables you to group subscriptions into multiple subscription allocations. The Red Hat CDN uses a Subscription Manifest, instead of the certificate. A Subscription Manifest is an exported file that lists the subscriptions in one subscription allocation.


If you are installing multiple instances of Satellite 5.8, ensure you divide the available subscriptions amongst the individual subscription allocations. For example, if you intend running two instances of Satellite 5.8, you might divide the subscriptions equally between the two subscription allocations.

Procedure 3.17. Generate New Satellite 5.8 Manifest

  1. Log on to the Customer Portal and navigate to Subscriptions in the upper-left corner.
  2. Navigate to Subscription Allocations.
  3. Click New subscription allocation.
  4. Enter a name in the Name field, select Satellite 5.8 from the Type drop-down list, and click Create.
  5. Navigate to the Subscription tab and click Add subscriptions.
  6. For each product to be attached to the manifest, specify the desired quantity in the Entitlements field, and click Submit. It may take several minutes for the subscriptions to be attached.
  7. Click Export Manifest and save the manifest file locally.
  8. Log out of the Customer Portal.
  9. Access the shell prompt on the host to which the manifest file was downloaded.
    Copy the manifest file to the Satellite host. In this example, the file is copied to the /root directory.
    # scp

3.3.5. Installing Behind a HTTP Proxy: Pre-Configuration (Optional)


  • This section only applies to networks behind a HTTP proxy.
  • Satellite does not support NTLM as a HTTP access authentication method. Only Basic access authentication, and Digest access authentication methods are supported.
The registration of the Red Hat Enterprise Linux host requires communication between itself and the Red Hat Content Delivery Network. If there is an HTTP proxy between these two, Subscription Manager must be configured with the proxy server's details, and credentials.
Edit the configuration file /etc/rhsm/rhsm.conf, and edit the following lines, adding details of the HTTP proxy, and credentials.
proxy_hostname = proxy_hostname
proxy_port = proxy_port
proxy_user = proxy_user
proxy_password = proxy_password

3.3.6. Registering Host with Red Hat Content Delivery Network

Registering the host to the Red Hat Content Delivery Network entitles it to content available via subscriptions. This includes content such as Red Hat Enterprise Linux, Red Hat Software Collections (RHSCL), and Red Hat Satellite.
Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted:
# subscription-manager register
The command displays output similar to the following:
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a

3.3.7. Activating the Satellite Repositories

Installation of Red Hat Satellite 5.8 requires specific repositories to be enabled. The list of available repositories is determined by the subscription attached to the host. The following instructions detail how to identify and attach the required subscription, also which repositories must be enabled.

Procedure 3.18. Activate the Satellite Repositories

  1. List all available subscriptions, and identify the Red Hat Satellite 5 subscription.
    The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as less or more, you can read the output one screenful at a time.
    # subscription-manager list --all --available | less
    Note the Pool ID as this is required to attach the subscription.
  2. Attach the subscription to the host.
    # subscription-manager attach --pool=pool_id
    The output should be similar to the following:
    Successfully attached a subscription for: Red Hat Satellite
  3. Disable all repositories.
    # subscription-manager repos --disable "*"
  4. Enable the Red Hat Enterprise Linux 6 repository. The Red Hat Satellite 5.8 repository will be enabled automatically by the installation program.
    For ⁠AMD64 and Intel 64
    # subscription-manager repos --enable=rhel-6-server-rpms
    For IBM System z
    # subscription-manager repos --enable=rhel-6-for-system-z-rpms

3.3.8. Running the Installation Program

The following procedure starts the installation procedure for Red Hat Satellite using an External Database. Ensure you run this procedure as the root user.


The installation program updates the kernel and all required packages.

Procedure 3.19. Running Installation Program

  1. Run the installation program from the /media/cdrom/ directory. To install to an external PostgreSQL database:
    # ./ --external-postgresql
    Or to install to an external Oracle database:
    # ./ --external-oracle
    The installation program first verifies the requirements in Chapter 2, Requirements are met before proceeding.
    * Starting the Red Hat Satellite installer.
    * Performing pre-install checks.
    * Pre-install checks complete.  Beginning installation.
  2. The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the Managed Database Host.
    * RHSM Registration.
    ** Registration: System is already registered with RHSM.  Not re-registering.
    * RHSM Subscriptions.
    ** Subscriptions: Subscription providing 'Red Hat Satellite' already attached.
    ** Subscriptions: Subscription providing 'Red Hat Enterprise Linux Server' already attached.
    ** Subscriptions: Disabling all RHSM repositories (rhel-6-server-rpms).
    ** Subscriptions: All repositories disabled.
    ** Subscriptions: Enabling RHEL repository.
    ** Subscriptions: RHEL repository enabled.
    * Checking for uninstalled prerequisites.
    ** Checking if yum is available ...
    There are some packages from Red Hat Enterprise Linux that are not part
    of the @base group that Satellite will require to be installed on this
    system. The installer will try resolve the dependencies automatically.
    However, you may want to install these prerequisites manually.
    Do you want the installer to resolve dependencies [y/N]? y
    * Installing Satellite packages.
    Warning: yum did not install the following packages:
    * Now running spacewalk-setup.
    * Setting up SELinux..
    ** Database: Setting up database connection for PostgreSQL backend.
    Database "rhnschema" does not exist
    ** Database: Installing the database:
    ** Database: This is a long process that is logged in:
    ** Database:   /var/log/rhn/install_db.log
    *** Progress: #
    ** Database: Installation complete.
    ** Database: Populating database.
    *** Progress: ###########################

3.3.9. Configuring the Satellite

The installation program performs some basic configuration tasks on your Red Hat Satellite environment.
The Red Hat Satellite installation program downloads and installs the Red Hat GPG key and sets up the /root/.gnupg/ directory, if required.
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
At the prompt, enter the email address to which you would like notifications from Red Hat Satellite to be sent. Due to the large volume of emails, choose a general email address rather than the address of an individual.
You must enter an email address.
Admin Email Address?
* Performing initial configuration.
To activate Red Hat Satellite, provide the location of your manifest file, downloaded in Section 3.3.4, “Generating a Manifest”.
* Activating Red Hat Satellite.
Where is your satellite manifest file? /path/
** Loading Red Hat Satellite Manifest.
** Verifying manifest locally.
** Activating Red Hat Satellite.
The next step is to create a CA certificate for SSL access. Answer y to the Apache SSL configuration question, then answer the CA certificate questions.
CA cert
Enter a password for the certificate.
Enter the name of your organization.
Organization Unit
Enter the name of your department within your organization.
Email Address
Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
Enter your city.
Enter your state.
Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type ? to see a list of country codes.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? 
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password? 
Re-enter CA certificate password? 
Organization? Red Hat
Organization Unit []? Sales
Email Address []?
City? Raleigh
State? NC
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
After the CA certificate is created, you are asked if you want to enable the services required by Cobbler. If you will be using PXE provisioning functionality, reply y.
* Setting up Cobbler..
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
After Cobbler is configured, the installation script restarts the associated services.
* Restarting services.
Installation complete.
Visit to create the satellite administrator account.
If you will be using Cobbler for provisioning hosts, grant Cobbler write access to the /tftpboot directory.
setsebool -P cobbler_anon_write on
The Red Hat Satellite installation is now complete. Continue with the instructions in Chapter 4, Configuration.


As an additional post-installation measure, perform a package update on the Satellite 5 server to ensure you are using the latest packages. For more information, see Section 12.2, “Performing Critical Updates to the Server”.