4.2. Disconnected Satellite

In high security environments where hosts are required to function in a closed network, disconnected from the internet, the Red Hat Satellite Server can provision systems with the latest security updates, errata, and packages. This is achieved by using two important components: the katello-disconnected utility and a synchronization host.
The diagram below illustrates how a disconnected Satellite is able to keep its content updated even without an internet connection. An intermediary system with an internet connection is needed to act as a synchronization host. This synchronization host is in a separate network from the Satellite server.
The synchronization host imports content from the Red Hat Content Delivery Network (CDN) through pulp. The content is then exported onto a media, such as DVDs, CDs, or external hard drives and transferred to the disconnected Satellite server. The following sections in this chapter will guide you through the whole process.
Disconnected Satellite

Figure 4.1. Disconnected Satellite

4.2.1. Configuring the Synchronization Host

Prerequisites

To import content from the Red Hat Content Distribution Network (CDN), the synchronization host requires:

Procedure 4.11. To Configure a Host to Synchronize and Export Content from the Red Hat CDN:

  1. Use Red Hat Subscription Manager to register the synchronization host to RHN.
  2. List all the available subscriptions to find the correct Red Hat Satellite product to allocate to your system:
    # subscription-manager list --available --all
    This command displays output similar to the following:
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    
    
    ProductName:        Red Hat Satellite
    ProductId:          SKU123456
    PoolId:             e1730d1f4eaa448397bfd30c8c7f3d334bd8b
    Quantity:           10
    Multi-Entitlement:  No
    Expires:            08/20/2013
    MachineType:        physical
    

    Note

    The SKU and Pool ID depend on the Red Hat Satellite product type that corresponds to your system version and product type.
  3. Subscribe to the pool using the following command:
    # subscription-manager subscribe --pool=Red_Hat_Satellite_Pool_Id
    # subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Pool_Id
    # subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Software_Collections_Pool_Id
    
  4. Disable all existing repositories:
    # subscription-manager repos --disable "*"
    
  5. Enable the Red Hat Satellite and Red Hat Enterprise Linux and Red Hat Software Collections repositories. Ensure the Red Hat Enterprise Linux repository matches the specific version you are using.
    # subscription-manager repos --enable rhel-6-server-rpms \
    --enable rhel-server-rhscl-6-rpms \
    --enable rhel-6-server-satellite-6.0-rpms
    

    Note

    The commands above are based on Red Hat Enterprise Linux 6. If you are using a different version of Red Hat Enterprise Linux, change the repository based on your specific version.
  6. Install katello-utils and associated RPM files:
    # yum install python-qpid-qmf python-qpid  qpid-cpp-server-store katello-utils
    
    katello-utils includes the katello-disconnected utility that is required to set up repositories for import while qpid related packages are necessary for pulp configuration.
  7. Generate a 32-character alphanumeric string for the oauth_secret entry in the /etc/pulp/server.conf file:
    $ tr -dc "[:alnum:]" < /dev/urandom | head -c 32
  8. In the /etc/pulp/server.conf, uncomment the [oauth] entry and add the randomly-generated value from the previous step as the oauth_secret value:
    [oauth]
    enabled: true
    oauth_key: katello
    oauth_secret: v8SeYqvS5QUfmg0dIrJOBG58lAHDRZnN
  9. Disable authentication in /etc/qpid/qpidd.conf:
    # Configuration file for qpidd. Entries are of the form:
    #   name=value
    #
    # (Note: no spaces on either side of '=').
    # Run "qpidd --help" or see "man qpidd" for more details.
    
    auth=no
    
    All incoming connections authenticate using the Satellite's default realm.
  10. Configure the connection from katello-disconnected to Pulp with the previously generated value as your --oauth-secret option:
    # katello-disconnected setup --oauth-key=katello --oauth-secret=v8SeYqvS5QUfmg0dIrJOBG58lAHDRZnN
    This places a configuration value in ~/.katello-disconnected.
  11. Configure Pulp on the synchronization server:
    sudo service qpidd start
    sudo chkconfig qpidd on
    sudo service mongod start
    sleep 10
    sudo chkconfig mongod on
    sudo -u apache pulp-manage-db
    sudo service httpd restart
    sudo chkconfig pulp_workers on
    sudo service pulp_workers start
    sudo chkconfig pulp_celerybeat on
    sudo service pulp_celerybeat start
    sudo chkconfig pulp_resource_manager on
    sudo service pulp_resource_manager start
    
  12. Import the manifest to set up the list of available repositories to synchronize based on the selected subscriptions:
    # katello-disconnected import -m ./manifest.zip
    
The synchronization host is now ready to synchronize content from the Red Hat CDN.