2.3. Configuring Red Hat Satellite Manually
The katello-installer script can override various default settings within the different components of Satellite Server. For example, organizations that have an existing HTTP proxy need to pass additional configuration options to the Satellite Server installer. See Section 2.3.1, “Configuring Red Hat Satellite Manually with an HTTP Proxy” for HTTP proxy options and Section 2.3.2, “Configuring Red Hat Satellite with a Custom Server Certificate” for custom Certificate Authority (CA) certificates.
Procedure 2.2. Running the Installer Script
- As the root user, configure Red Hat Satellite Server manually by running the katello-installer script:
    katello-installer --foreman-admin-username desired_username --foreman-admin-password desired_password
  Where:
  - desired_username is the username that will replace the default "admin" user.
  - desired_password is the password that will replace the default password generated.
  Additional configuration options can be passed to the katello-installer command to adjust various aspects of the configuration. View a complete list of options using the command:
    # katello-installer --help
  This script can be run multiple times without any issues.

  Important
  The default username is admin. The default organization name is Default Organization. It is strongly recommended that you override these default settings once you log in to the Satellite Server interface and navigate to → and → .

  When the configuration script has completed successfully, it displays:
    # katello-installer
    Installing             Done                    [100%] [........................................]
      Success!
      * Katello is running at https://sat6.example.com
          Default credentials are 'admin:changeme'
      * Capsule is running at https://sat6.example.com:9090
      * To install additional capsule on separate machine continue by running:"

          capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"

      The full log is at /var/log/katello/installer/katello-installer.log
- After configuration, run the following commands to configure the firewall to limit elasticsearch to the foreman, katello and root users and make these rules persistent during reboots:
  - For Red Hat Enterprise Linux 6:
    iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \
    && iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT \
    && iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \
    && iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -j DROP
    iptables-save > /etc/sysconfig/iptables
  - For Red Hat Enterprise Linux 7:
    firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \
    && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \
    && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT \
    && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT \
    && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \
    && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \
    && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -o lo -p tcp -m tcp --dport 9200 -j DROP \
    && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 1 -o lo -p tcp -m tcp --dport 9200 -j DROP
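The restriction above only holds if every owner ACCEPT rule is evaluated before the catch-all DROP for port 9200 on the loopback interface. The following script is an added example, not part of the Red Hat documentation: it audits an iptables-save style rule dump for that ordering. The function name check_es_lockdown and the sample dumps are constructed for illustration.

```shell
# Added example. Reads an iptables-save style dump on stdin; the arguments are
# the owners that must be ACCEPTed before the catch-all DROP for lo:9200.
# iptables-save usually writes numeric UIDs, so on a real host pass
# "$(id -u foreman)" and so on rather than account names.
check_es_lockdown() {
    awk -v want="$*" '
        /^-A OUTPUT / && / -o lo / && / --dport 9200 / {
            if ($0 ~ / --uid-owner / && $0 ~ / -j ACCEPT( |$)/) {
                for (i = 1; i < NF; i++) if ($i == "--uid-owner") who = $(i + 1)
                # First match wins: an ACCEPT after the DROP is never reached.
                if (drop) { late[who] = 1 } else { ok[who] = 1 }
            } else if ($0 !~ / --uid-owner / && $0 ~ / -j DROP( |$)/) {
                drop = 1
            }
        }
        END {
            bad = 0
            if (!drop) { print "MISSING: catch-all DROP for lo:9200"; bad = 1 }
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                if (w[i] in ok) continue
                state = (w[i] in late) ? "UNREACHABLE" : "MISSING"
                print state ": ACCEPT for " w[i]
                bad = 1
            }
            # Any other owner allowed through widens access beyond the documented set.
            for (u in ok) if (!index(" " want " ", " " u " ")) { print "UNEXPECTED: ACCEPT for " u; bad = 1 }
            exit bad
        }'
}

# Constructed sample dumps (account names kept for readability).
sample_good() { cat <<'EOF'
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -j DROP
EOF
}
sample_misordered() { cat <<'EOF'
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -j DROP
-A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT
EOF
}

sample_good | check_es_lockdown foreman katello root && echo "lo:9200 restricted as documented"
sample_misordered | check_es_lockdown foreman katello root || echo "lockdown incomplete"
```

On a live system, pipe the output of iptables-save into the function instead of the sample dumps.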
2.3.1. Configuring Red Hat Satellite Manually with an HTTP Proxy
    katello-installer --katello-proxy-url=http://myproxy.example.com --katello-proxy-port=8080 --katello-proxy-username=proxy_username --katello-proxy-password=proxy_password
- --katello-proxy-url - the URL of the HTTP proxy server.
- --katello-proxy-port - the port the HTTP proxy server is listening on.
- --katello-proxy-username - (optional) the HTTP proxy username for authentication. If your HTTP proxy server does not require a username, you are not required to specify the username.
- --katello-proxy-password - (optional) the HTTP proxy password for authentication. If your HTTP proxy server does not require a password, you are not required to specify the password.
Procedure 2.3. Configuring the Satellite Server to Allow Red Hat Subscription Manager Access to the CDN
- On the network gateway and the HTTP Proxy, open the following hostnames, ports and protocols:
  Table 2.1. Required Hostnames, Ports and Protocols
    Hostname                     Port  Protocol
    subscription.rhn.redhat.com  443   https
    cdn.redhat.com               443   https
    *.akamaiedge.net             443   https
- On the Satellite Server, fill in the following details in the /etc/rhsm/rhsm.conf file:
    # an http proxy server to use (enter server FQDN)
    proxy_hostname = http_proxy.example.com
    # port for http proxy server
    proxy_port = 3128
    # user name for authenticating to an http proxy, if needed
    proxy_user =
    # password for basic http proxy auth, if needed
    proxy_password =
