4.2. Disconnected Satellite

In high security environments where hosts are required to function in a closed network, disconnected from the internet, the Red Hat Satellite Server can provision systems with the latest security updates, errata, and packages. This is achieved by using two important components: the katello-disconnected utility and a synchronization host.

The diagram below illustrates how a disconnected Satellite is able to keep its content updated even without an internet connection. An intermediary system with an internet connection is needed to act as a synchronization host. This synchronization host is in a separate network from the Satellite server.

The synchronization host imports content from the Red Hat Content Delivery Network (CDN) through pulp. The content is then exported onto a media, such as DVDs, CDs, or external hard drives and transferred to the disconnected Satellite server. The following sections in this chapter will guide you through the whole process.

Figure 4.1. Disconnected Satellite

Report a bug

4.2.1. Configuring the Synchronization Host

Prerequisites

To import content from the Red Hat Content Distribution Network (CDN), the synchronization host requires:

An Internet connection
Valid Red Hat Network subscriptions
A valid manifest (See Section 4.1.1.1, “Setting up a Manifest” for instructions on how to obtain one.)

Procedure 4.11. To Configure a Host to Synchronize and Export Content from the Red Hat CDN:

Use Red Hat Subscription Manager to register the synchronization host to RHN.

List all the available subscriptions to find the correct Red Hat Satellite product to allocate to your system:

# subscription-manager list --available --all

This command displays output similar to the following:

+-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+


ProductName:        Red Hat Satellite
ProductId:          SKU123456
PoolId:             e1730d1f4eaa448397bfd30c8c7f3d334bd8b
Quantity:           10
Multi-Entitlement:  No
Expires:            08/20/2013
MachineType:        physical

Note

The SKU and Pool ID depend on the Red Hat Satellite product type that corresponds to your system version and product type.

Subscribe to the pool using the following command:

# subscription-manager subscribe --pool=Red_Hat_Satellite_Pool_Id
# subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Pool_Id
# subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Software_Collections_Pool_Id

Disable all existing repositories:

# subscription-manager repos --disable "*"

Enable the Red Hat Satellite and Red Hat Enterprise Linux and Red Hat Software Collections repositories. Ensure the Red Hat Enterprise Linux repository matches the specific version you are using.
```
# subscription-manager repos --enable rhel-6-server-rpms \
--enable rhel-server-rhscl-6-rpms \
--enable rhel-6-server-satellite-6.0-rpms
```
Note
The commands above are based on Red Hat Enterprise Linux 6. If you are using a different version of Red Hat Enterprise Linux, change the repository based on your specific version.
Install katello-utils and associated RPM files:
```
# yum install python-qpid-qmf python-qpid  qpid-cpp-server-store katello-utils
```
katello-utils includes the katello-disconnected utility that is required to set up repositories for import while qpid related packages are necessary for pulp configuration.
Generate a 32-character alphanumeric string for the oauth_secret entry in the /etc/pulp/server.conf file:
```
$ tr -dc "[:alnum:]" < /dev/urandom | head -c 32
```
In the /etc/pulp/server.conf, uncomment the [oauth] entry and add the randomly-generated value from the previous step as the oauth_secret value:
```
[oauth]
enabled: true
oauth_key: katello
oauth_secret: v8SeYqvS5QUfmg0dIrJOBG58lAHDRZnN
```

Disable authentication in /etc/qpid/qpidd.conf:

# Configuration file for qpidd. Entries are of the form:
#   name=value
#
# (Note: no spaces on either side of '=').
# Run "qpidd --help" or see "man qpidd" for more details.

auth=no

All incoming connections authenticate using the Satellite's default realm.

Configure the connection from katello-disconnected to Pulp with the previously generated value as your --oauth-secret option:
```
# katello-disconnected setup --oauth-key=katello --oauth-secret=v8SeYqvS5QUfmg0dIrJOBG58lAHDRZnN
```
This places a configuration value in ~/.katello-disconnected.

Configure Pulp on the synchronization server:

sudo service qpidd start
sudo chkconfig qpidd on
sudo service mongod start
sleep 10
sudo chkconfig mongod on
sudo -u apache pulp-manage-db
sudo service httpd restart
sudo chkconfig pulp_workers on
sudo service pulp_workers start
sudo chkconfig pulp_celerybeat on
sudo service pulp_celerybeat start
sudo chkconfig pulp_resource_manager on
sudo service pulp_resource_manager start

Import the manifest to set up the list of available repositories to synchronize based on the selected subscriptions:
```
# katello-disconnected import -m ./manifest.zip
```

The synchronization host is now ready to synchronize content from the Red Hat CDN.

Report a bug

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

4.2. Disconnected Satellite

4.2.1. Configuring the Synchronization Host

Where did the comment section go?