Red Hat Training

A Red Hat training course is available for Red Hat Satelitte

1.5. Prerequisites

The following conditions must be met before installing Red Hat Satellite 6:
Base Operating System

Red Hat Satellite is only supported on either:

  • Red Hat Enterprise Linux 6 Server
  • Red Hat Enterprise Linux 7 Server
Install the operating system from disc, local ISO image, kickstart, or any other method that Red Hat supports and update the system to the latest set of packages in Red Hat Enterprise Linux.

Important

  • Red Hat Satellite Server requires Red Hat Enterprise Linux installations with the @Base package group with no other package-set modifications, and without third-party configurations or software that is not directly necessary for the direct operation of the server. This restriction includes hardening or other non-Red Hat security software. If such software is required in your infrastructure, install and verify a complete working Satellite Server first, then create a backup of the system before adding any non-Red Hat software.
  • Your subscription-manager 'Release' field must be set to 6Server or 7Server in order to receive the latest version of Red Hat Enterprise Linux and Red Hat Satellite during the installation. Set the field by using the command:
    subscription-manager release --set=Release
    Only release versions 6Server and 7Server are supported by Red Hat Satellite.
  • There should be at least one networked host with the following minimum specifications:
    • 64-bit architecture
    • Red Hat Enterprise Linux 6.5 or later
    • A minimum of two CPU cores, but four CPU cores are recommended.
    • A minimum of 8 GB memory but ideally 12 GB of memory for each instance of Satellite. Use 4 GB of swap space where possible.
    • No Java virtual machine installed on the system, remove any if they exist.
    • No Puppet RPM files installed on the system.
    • No third-party unsupported yum repositories enabled. Third-party repositories may offer conflicting or unsupported package versions that may cause installation or configuration errors.
  • A current Red Hat Network subscription.
  • Administrative user (root) access.
  • Full forward and reverse DNS resolution using a fully qualified domain name. Ensure that hostname and localhost resolve correctly, using the following commands:
    # ping -c1 localhost
    # ping -c1 `hostname -s` # my_system
    # ping -c1 `hostname -f` # my_system.domain.com
    

Important

Ensure that the host system is fully updated before installing Red Hat Satellite. Attempts to install on host systems that are not fully updated may lead to difficulty in troubleshooting, as well as unpredictable results.
Supported Browsers

Browser support is divided into 4 levels:

  1. Level 1: Fully supported preferred browsers for ideal experience.
  2. Level 2: Mostly supported. The interface functions but some design elements may not align correctly, UI controls and layout may be misaligned and there maybe degraded performance experienced.
  3. Level 3: Design elements may not align correctly.
  4. Level 4: Unsupported
The table below outlines the supported browsers and their level of support:

Table 1.1. Supported Browser Matrix

Browser Version Support Level
Firefox 3.6 L3
Firefox 17, 18, 19, 20 L4
Firefox 21 L2
Firefox 22, 23, 24 L1
Firefox Latest L1
Chrome 19, 20 L4
Chrome 21, 27 L2
Chrome Latest L1
Internet Explorer 7, 8 L4
Internet Explorer 9, 10, 11 L2
Safari ALL L4

Note

The web-based user interface and command-line interface for Satellite Server supports English, Portuguese, Simplified Chinese, Traditional Chinese, Korean, Japanese, Italian, Spanish, Russian, French, and German.
Storage

Satellite Server storage specifications are as follows:

  • A minimum of 6 GB storage for base operating system installation of Red Hat Enterprise Linux
  • A minimum of 400 MB storage for the Red Hat Satellite 6 software installation
  • A minimum of 20 GB storage for each unique software repository. Packages that are duplicated in different channels are only stored once on the disk. Additional repositories containing duplicate packages will require less additional storage. The bulk of storage resides on the /var/lib/mongodb and /var/lib/pulp directories. These end points are not manually configurable. Make sure that storage is available on the /var file system to prevent storage issues.
  • A minimum of 2 GB of available storage in /var/lib/pgsql with the ability to grow the partition containing this directory as data storage requirements grow.

Note

Most Satellite Server data is stored within the /var directory. It is strongly recommended to mount /var on LVM storage that the system can scale to meet data storage requirements.
Application Specifications

Satellite Server application installation specifications are as follows:

It is recommended that a time synchronizer such as ntp is installed and enabled on Satellite as Satellite is susceptible to time drift. Run the following command to start the ntpd service and have it persist across restarts:
# service ntpd start; chkconfig ntpd on
In Red Hat Enterprise Linux 7 chrony is the default time synchronizer. Run the following command to start the chronyd service and have it persist across restarts:
systemctl start chronyd; systemctl enable chronyd
Required Network Ports

The following network ports need to be open and free before continuing with the installation:

Table 1.2. Required Network Ports

Port Protocol Service
443 tcp HTTPS
5671 tcp SSL
80 tcp HTTP
8080 tcp Tomcat6
8140 tcp Puppet
9090 tcp Foreman Smart Proxy
You can use either the iptables command to configure the firewall, or the system-config-firewall-tui command-line utility. To modify the firewall with the iptables command:
  • Port 443 for HTTPS (secure WWW) must be open for incoming connections.
  • Port 5671 must be open for SSL communication with managed systems.
  • Port 80 for HTTP (WWW) must be open to download the bootstrap files.
  • Port 8080 for TCP must be free for java connections.
  • Port 8140 must be open for incoming Puppet connections with the managed systems.
  • Port 9090 must be open for Foreman Smart Proxy connections with the managed systems.
  • Run the following commands to configure the firewall with the iptables command and to make these rules persistent during reboots:

    Note

    Run the firewall commands as the root user.
    1. For Red Hat Enterprise Linux 6:
      iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \
      && iptables -I INPUT -m state --state NEW -p tcp --dport 5671 -j ACCEPT \
      && iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT \
      && iptables -I INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT \
      && iptables -I INPUT -m state --state NEW -p tcp --dport 9090 -j ACCEPT \
      && iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
      iptables-save > /etc/sysconfig/iptables
      
    2. For Red Hat Enterprise Linux 7:
      firewall-cmd --permanent --add-port="443/tcp" --add-port="5671/tcp" --add-port="80/tcp" --add-port="8140/tcp" --add-port="9090/tcp" --add-port="8080/tcp" \
      && firewall-cmd --complete-reload
      
Advanced Firewall Considerations

The following tables provide details about the network connections made to and from the Red Hat Satellite Server.

Table 1.3. Advanced Firewall Considerations with a Red Hat Satellite Server

Flow Action Initiator Initiator Detail Endpoint Endpoint Detail Port Protocol SELinux Type
Capsule Registration Capsule Registration (Content Host) Capsule subscription-manager Satellite Server Apache 443 https http_port_t
Capsule Registration (Smart Proxy) Capsule Smart Proxy Satellite Server Passenger 8443/9090 https http_port_t, websm_port_t
Broker Connections Capsule AMQP Broker Satellite Server AMQP Broker 5671 amqp amqp_port_t
Content Promotion Initiation Server AMQP Broker Capsule AMQP Broker 5671 amqp amqp_port_t
Content Mirroring Capsule Pulp Node Server Apache 443 https/http http_port_t
Puppet Run Manifest Request Client Puppet Agent Capsule Puppet Master 8140 https puppet_port_t
External Node Classification Capsule Puppet Master Server Passenger 443 https http_port_t
Run Report Capsule Puppet Master Server Passenger 443 https http_port_t
Provisioning IP/TFTP/Etc Server Passenger Capsule Smart Proxy 8140/8443/9090 https puppet_port_t, http_port_t, websm_port_t
Installation Client Anaconda/Yum Capsule Pulp Node 8443/80 https/http http_port_t
Installation Templates Client Anaconda Server Passenger 443/80 https/http http_port_t
Orchestration DNS records Capsule nsupdate DNS server bind 53 dns dns_port_t
DHCP records Capsule omapi DHCP server ISC dhcp 7911 omapi dhcp_port_t
Yum Run Yum Execution Client Yum Capsule Apache 8443/80 https/http http_port_t
Power Management BMC On/Off/Cycle/Status Capsule User Initiated API/UI Client IPMI Device n/a ipmi n/a

Table 1.4. Advanced Firewall Considerations without a Red Hat Satellite Capsule Server

Flow Action Initiator Initiator Detail Endpoint Endpoint Detail Port Protocol SELinux Type
Subscription Management Subscription-Manager-Execution Client subscription-manager Satellite Server Passenger 443 https http_port_t
Action Initiation Server AMQP Broker Client katello-agent 5671 amqp amqp_port_t  
Installation/Removal/Update Client Anaconda/Yum Capsule Apache 8443/80 https/http http_port_t
Provisioning Installation Templates Client Anaconda Server Passenger 443/80 https/http http_port_t
Compute Resources Fog interactions (query/create destroy/etc) Server Fog Compute Resource Openstack 5000 http commplex_main_port_t
EC2 443 https http_port_t
oVirt 443 https https_port_t
Libvirt 22/16514 ssh/tls ssh_port_t, virt_port_t
SELinux Policy

Red Hat recommends that the SELinux policy on Satellite 6 systems be set to enforcing.

Important

Red Hat recommends that the Satellite Server be a freshly provisioned system that serves no other function except as a Satellite Server.
Troubleshooting

Red Hat recommends that the sos package is installed on Satellite. The sos packages provides the sosreport command. The sosreport command is a tool that collects configuration and diagnostic information from a Red Hat Enterprise Linux system and is used to provide the initial analysis of a system required when opening a service request with Red Hat Technical Support.

To install the sos package run the following command:
# yum install sos