4.2. Disconnected Satellite

In high-security environments where hosts are required to function in a closed network disconnected from the Internet, the Red Hat Satellite can provision systems with the latest security updates, errata, and packages. The recommended way to populate a disconnected Satellite with content is by using an ISO file downloaded from the Red Hat Customer Portal. Alternatively, you can configure a synchronization host.

4.2.1. Using Content ISO

The following procedure shows how to use the content ISO to add content to Red Hat Satellite.
  1. Download the product ISO from the Red Hat Customer Portal, as follows:
    1. Go to Downloads (at the very top of the window) and select Red Hat Satellite.
    2. Open the Content ISOs tab. All products to which the account is subscribed are listed there.
    3. Click the link for the product name, such as Red Hat Enterprise Linux 6 Server (x86_64)(2015-03-12) to download the ISO.
    4. Save to media.
  2. Copy all of the Satellite content ISOs to a directory that Satellite can access. This example uses /root/isos.
  3. Create a local directory that will be shared via httpd on the Satellite. This example uses /var/www/html/pub/sat-import/.
    # mkdir -p /var/www/html/pub/sat-import/
  4. Recursively copy the contents of the first ISO to the local directory:
    # mkdir /mnt/iso
    # mount -o loop /root/isos/first_iso /mnt/iso
    # cp -ruv /mnt/iso/* /var/www/html/pub/sat-import/
    # umount /mnt/iso
    # rmdir /mnt/iso
  5. Repeat the above step for each ISO until you have copied all the data from the series of ISOs into the local directory /var/www/html/pub/sat-import/.
  6. Ensure that the SELinux contexts are correct:
    # restorecon -rv /var/www/html/pub/sat-import/
  7. Modify the default provider URL in the Satellite web interface:
    1. Log in to the Satellite web interface.
    2. Select the required organization from the Organization menu.
    3. Click Content → Red Hat Subscriptions and then click Manage Manifest.
    4. On the Subscription Manifest information screen select the Actions tab. Under Red Hat Provider Details click the edit icon on the Red Hat CDN URL entry and change it to the Satellite host name with the newly created directory, for example:
      http://server.example.com/pub/sat-import/
      
      Click Save.
    5. Click Browse to choose the manifest file.
    6. Click Upload to import your manifest.

    Note

    The Satellite is now acting as its own CDN with the files located in http://localhost. This is not a requirement. The CDN can be hosted on a different machine inside the same disconnected network as long as it is accessible to the Satellite server via HTTP.
  8. To enable the repositories from the local CDN, click Content → Red Hat Repositories.
  9. Click Content → Sync Status.
  10. Select the repositories you want to synchronize and click Synchronize Now.
Once the synchronization finishes, the disconnected Satellite is ready to serve the content to hosts.

4.2.2. Using the Synchronization Host

Important

The synchronization host feature is planned to be deprecated in future releases of Red Hat Satellite. Therefore, it is recommended to use the procedure described in Section 4.2.1, “Using Content ISO”.
The diagram below illustrates how a disconnected Satellite is able to keep its content updated even without an Internet connection. An intermediary system with an Internet connection is needed to act as a synchronization host. This synchronization host is in a separate network from the Satellite server.
The synchronization host imports content from the Red Hat Content Delivery Network (CDN) through pulp. The content is then exported onto media, such as DVDs, CDs, or external hard drives, and transferred to the disconnected Satellite server. The following sections in this chapter will guide you through the whole process.

Figure 4.1. Disconnected Satellite

4.2.2.1. Configuring the Synchronization Host

The following section shows how to configure the synchronization host.
Prerequisites

To import content from the Red Hat Content Distribution Network (CDN), the synchronization host requires:

Procedure 4.14. To Configure a Host to Synchronize and Export Content from the Red Hat CDN:

  1. Use Red Hat Subscription Manager to register the synchronization host to RHN.
  2. List all the available subscriptions to find the correct Red Hat Satellite product to allocate to your system:
    # subscription-manager list --available --all
    This command displays output similar to the following:
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    
    
    ProductName:        Red Hat Satellite
    ProductId:          SKU123456
    PoolId:             e1730d1f4eaa448397bfd30c8c7f3d334bd8b
    Quantity:           10
    Multi-Entitlement:  No
    Expires:            08/20/2013
    MachineType:        physical
    

    Note

    The Product ID and Pool ID depend on the Red Hat Satellite product type that corresponds to your system version and product type.
  3. Subscribe to the required pool IDs:
    # subscription-manager subscribe \
    --pool=Red_Hat_Satellite_Pool_ID \
    --pool=Red_Hat_Enterprise_Linux_Pool_ID \
    --pool=Red_Hat_Enterprise_Linux_Software_Collections_Pool_ID
  4. Disable all existing repositories:
    # subscription-manager repos --disable "*"
  5. Enable the Red Hat Satellite, Red Hat Enterprise Linux, and Red Hat Software Collections repositories. Ensure the Red Hat Enterprise Linux repository matches the specific version you are using.
    # subscription-manager repos --enable rhel-6-server-rpms \
    --enable rhel-server-rhscl-6-rpms \
    --enable rhel-6-server-satellite-6.1-rpms

    Note

    The commands above are based on Red Hat Enterprise Linux 6. If you are using a different version of Red Hat Enterprise Linux, change the repository based on your specific version.
  6. Install katello-utils:
    # yum install katello-utils
    katello-utils includes the katello-disconnected utility that is required to set up repositories for import, while the qpid-related packages are necessary for pulp configuration.
  7. Generate a 32-character alphanumeric string for the oauth_secret entry in the /etc/pulp/server.conf file:
    $ tr -dc "[:alnum:]" < /dev/urandom | head -c 32
  8. In the /etc/pulp/server.conf file, uncomment the [oauth] entry and add the randomly generated value from the previous step as the oauth_secret value:
    [oauth]
    enabled: true
    oauth_key: katello
    oauth_secret: v8SeYqvS5QUfmg0dIrJOBG58lAHDRZnN
  9. Disable authentication in /etc/qpid/qpidd.conf:
    # Configuration file for qpidd. Entries are of the form:
    #   name=value
    #
    # (Note: no spaces on either side of '=').
    # Run "qpidd --help" or see "man qpidd" for more details.
    
    auth=no
    
    All incoming connections authenticate using the Satellite's default realm.
  10. Configure the connection from katello-disconnected to Pulp with the previously generated value as your --oauth-secret option:
    # katello-disconnected setup --oauth-key=katello --oauth-secret=v8SeYqvS5QUfmg0dIrJOBG58lAHDRZnN
    This places a configuration value in ~/.katello-disconnected.
  11. Configure Pulp on the synchronization server:
    sudo service qpidd start
    sudo chkconfig qpidd on
    sudo service mongod start
    sleep 10
    sudo chkconfig mongod on
    sudo -u apache pulp-manage-db
    sudo service httpd restart
    sudo chkconfig httpd on
    sudo chkconfig pulp_workers on
    sudo service pulp_workers start
    sudo chkconfig pulp_celerybeat on
    sudo service pulp_celerybeat start
    sudo chkconfig pulp_resource_manager on
    sudo service pulp_resource_manager start
    
  12. Import the manifest to set up the list of available repositories to synchronize based on the selected subscriptions:
    # katello-disconnected import -m ./manifest.zip
The synchronization host is now ready to synchronize content from the Red Hat CDN.

4.2.2.2. Synchronizing Content

By default, katello-disconnected enables all repositories that are included in the manifest for synchronization. Synchronization time is directly related to the number of repositories to be synchronized. If the manifest has a large number of repositories, the synchronization will take time and network resources.
katello-disconnected allows for the synchronization of specific repositories. This section will set up Pulp for synchronizing content.
  1. Disable all repositories:
    # katello-disconnected disable --all
    katello-disconnected enables all repositories by default.
  2. Choose which repositories you wish to sync by listing all available repositories from the manifest:
    # katello-disconnected list --disabled
    rhel-6-server-rhn-tools-rpms-6_6-x86_64
    rhel-6-server-rhn-tools-rpms-6Server-x86_64
    rhel-6-server-kickstart-6Server-x86_64
    rhel-6-server-kickstart-6_6-x86_64
    rhel-6-server-rh-common-rpms-6_6-x86_64
    rhel-6-server-rpms-6_6-x86_64
  3. Enable the chosen repositories for synchronization:
    # katello-disconnected enable -r rhel-6-server-rh-common-rpms-6_6-x86_64
  4. Create the repositories and push them to Pulp to allow synchronization:
    # katello-disconnected configure

    Note

    The configure option for katello-disconnected reads the manifest, creates pulp repositories, and generates scripts before synchronization. It needs to be run each time a repository is enabled or disabled.
  5. Synchronize the repositories:
    # katello-disconnected sync
    You can use the watch option to monitor the synchronization process.
    # katello-disconnected watch
    Watching sync... (this may be safely interrupted with Ctrl+C)
    running:
    rhel-6-server-rh-common-rpms-6_6-x86_64
    
    running:
    rhel-6-server-rh-common-rpms-6_6-x86_64
    ...
    finished:
    rhel-6-server-rh-common-rpms-6_6-x86_64
    
    
    Watching finished

4.2.2.3. Exporting Content

The synchronized content needs to be exported to enable importing into the disconnected Red Hat Satellite. An external export media such as a CD, DVD, or external hard drive is required for this procedure. Perform the following steps:
  1. Export the synchronized repositories:
    # katello-disconnected export -t /var/tmp/export
    You can use the watch option to monitor the synchronization process. The output will look similar to:
    # katello-disconnected watch
    Watching sync... (this may be safely interrupted with Ctrl+C)
    running:
    rhel-6-server-rh-common-rpms-6_6-x86_64
    
    finished:
    rhel-6-server-rh-common-rpms-6_6-x86_64
    Watching finished
    Done watching ...
     Copying content to /var/tmp/export
     Archiving contents of /var/tmp/export into 4600M tar archives.
     NOTE: This may take a while.
    tar: Removing leading `/' from member names
    
    Done exporting content, please copy /var/tmp/export/* to your disconnected host
    This operation will create the following files in /var/tmp/export:
    # ls /var/tmp/export/
    content-export-00 content-export-01 content-export-02 expand_export.sh
    
  2. Copy the files from /var/tmp/export to the external media.

    Note

    If the files are too big for your external media, the files can be copied sequentially in a series of DVDs.
The synchronized content has now been exported and is ready for importing to the disconnected Satellite server.
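
A check a practitioner may want around the media transfer, added here as an example and not part of the Red Hat procedure or of katello-disconnected: record SHA-256 digests of the exported files on the synchronization host, then verify them on the disconnected Satellite before importing. The SHA256SUMS file name and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of katello-disconnected. SHA256SUMS is an assumed
# manifest name; copy it to the media together with the exported files.
MANIFEST=SHA256SUMS

# Synchronization host: write_manifest /var/tmp/export
write_manifest() (
    cd "$1" || exit 1
    tmp=".$MANIFEST.tmp"          # dot-file, so the * glob below skips it
    : > "$tmp"
    for f in *; do
        [ -f "$f" ] || continue
        [ "$f" = "$MANIFEST" ] && continue
        sha256sum -- "$f" >> "$tmp" || exit 1
    done
    mv "$tmp" "$MANIFEST"
)

# Disconnected Satellite: verify_manifest /path/to/copied/export
verify_manifest() (
    cd "$1" || exit 1
    [ -s "$MANIFEST" ] || { echo "missing or empty $MANIFEST" >&2; exit 1; }
    # Fail on any digest mismatch or on a listed file that is absent.
    out=$(sha256sum -c "$MANIFEST" 2>&1) || {
        printf '%s\n' "$out" | grep -v ': OK$' >&2
        exit 1
    }
    # Fail on any file present on the media that the manifest does not list.
    # Each manifest line is 64 hex digits, two spaces, then the file name.
    for f in *; do
        [ -f "$f" ] || continue
        [ "$f" = "$MANIFEST" ] && continue
        cut -c67- "$MANIFEST" | grep -qxF -- "$f" || {
            echo "file not listed in $MANIFEST: $f" >&2
            exit 1
        }
    done
)
```

The manifest travels on the same media as the content, so it detects corruption and accidental changes in transit; carrying it through a separate channel is what lets it detect deliberate modification.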

4.2.2.4. Importing Content to a Disconnected Satellite Server

Before importing content, ensure that the directory and file system containing the exports has enough space to contain the extracted archives. For example, if your export is 40 GB, the disconnected Satellite Server directory and file system where you are importing the content will need an extra 40 GB of space to expand it on the same file system.
  1. Copy all of the Satellite Content ISOs to a directory that the Satellite can access. This example uses /root/isos.
  2. Create a local directory that will be shared via httpd on the Satellite. This example uses /var/www/html/pub/sat-import/.
    # mkdir -p /var/www/html/pub/sat-import/
  3. Recursively copy the contents of the first ISO to the local directory:
    # mkdir /mnt/iso
    # mount -o loop /root/isos/first_iso /mnt/iso
    # cp -ruv /mnt/iso/* /var/www/html/pub/sat-import/
    # umount /mnt/iso
    # rmdir /mnt/iso
  4. Repeat the above step for each ISO until you have copied all the data from the series of ISOs into the local directory /var/www/html/pub/sat-import/.
  5. Ensure that the SELinux contexts are correct:
    # restorecon -rv /var/www/html/pub/sat-import/
  6. Change the default provider URL in the Satellite web interface:
    1. Log in to the Satellite web interface and select the required organization.
    2. Click Content → Red Hat Subscriptions and then click Manage Manifest.
    3. On the Subscription Manifest information screen select the Actions tab. Under Red Hat Provider Details, click the edit icon next to the Red Hat CDN URL entry and change the URL to reference the location that the ISOs were copied to. This example uses the Satellite fully qualified domain name (FQDN) server.example.com, so the URL is:
      http://server.example.com/pub/sat-import/
      
    4. Click Browse to choose the manifest file.
    5. Click Upload to import your manifest.
  7. Enable the repositories from the local CDN:
    1. Click Content → Red Hat Repositories.
    2. Enable the repositories that were enabled and synchronized in the Synchronizing Content section.
  8. Click Content → Sync Status.
  9. Select the repositories you want to synchronize and click Synchronize Now.

Note

The Satellite is now acting as its own CDN with the files located in http://localhost. This is not a requirement. The CDN can be hosted on a different machine inside the same disconnected network as long as it is accessible to the Satellite server via HTTP.
Once the synchronization finishes, the disconnected Satellite is ready to serve the content to client systems.

4.2.3. Migrating from Disconnected to Connected Satellite

If your environment changed from disconnected to connected, you can reconfigure a disconnected Satellite to pull content directly from Red Hat Customer Portal:
  1. Ensure the correct organization is selected. Navigate to Content → Red Hat Subscriptions and click Manage Manifest.
  2. On the Subscription Manifest screen select the Actions tab. Click the edit icon next to the Red Hat CDN URL entry and insert the following URL:
    https://cdn.redhat.com
    Click Save.
On next synchronization, Satellite will pull content directly from Red Hat Customer Portal.