7.4. Running the Installation and Configuration Program for Capsule Server

Prerequisites

You must meet the following conditions before continuing on this task:

  • Install the Red Hat Satellite Server.
  • Red Hat recommends that SELinux on the Satellite 6 Capsule Server is set to enforcing.
  • Create a Capsule Server certificate on the Satellite Server:
    1. On the Satellite Server, use the capsule-certs-generate command: 
      # capsule-certs-generate --capsule-fqdn capsule.example.com --certs-tar ~/capsule.example.com-certs.tar
      Where:
      • capsule-fqdn is the Satellite Capsule Server's fully qualified domain name. Mandatory.
      • certs-tar is the name of the file to generate that will contain the certificate for the Satellite Capsule installer.
      The capsule-certs-generate command returns the installation instructions with the commands to be executed on the Capsule Server, however if you have followed the procedure in the previous section then you have already installed the Satellite's CA certificate contained in the katello-ca-consumer-latest package and registered the Capsule to the Satellite.
      Note that the syntax of those commands depends on the parameters of capsule-certs-generate and the fully qualified domain name of your Satellite. For example, the capsule-certs-generate command executed on Satellite with FQDN satellite.example.com generates the following output: 
      To finish the installation, follow these steps:

  1. Ensure that the capsule-installer package is available on the system.
  2. Copy ~/capsule.example.com-certs.tar to the capsule system capsule.example.com
  3. Run the following commands on the capsule (possibly with the customized
     parameters, see capsule-installer --help and
     documentation for more info on setting up additional services):

  rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  subscription-manager register --org "Default_Organization"
  capsule-installer --parent-fqdn          "satellite.example.com"\
                    --register-in-foreman  "true"\
                    --foreman-oauth-key    "xmmQCGYdkoCRcbviGfuPdX7ZiCsdExf"\
                    --foreman-oauth-secret "w5ZDpyPJ24eSBNo53AFybcnqoDYXgLUA"\
                    --pulp-oauth-secret    "doajBEXqNcANy93ZbciFyysWaiwt6BWU"\
                    --certs-tar            "~/capsule.example.com-certs.tar"\
                    --puppet               "true"\
                    --puppetca             "true"\
                    --pulp                 "true"

      Important

      The capsule-certs-generate command returns the arguments required to successfully install a Capsule with the capsule-installer command. The --foreman-oauth-key and --foreman-oauth-secret arguments are always required, the --pulp-oauth-secret argument is required if the Capsule will host content (the --pulp option set to true). See Section 7.4.1, “Installing a Capsule Server” for more information on installing a Capsule.
    2. Copy the archive file created by capsule-certs-generate, in this case called capsule.example.com-certs.tar, from the Satellite Server to the Capsule Server.

      Note

      If you have a custom certificate, see Section 7.5.1, “Configuring Red Hat Satellite Capsule Server with a Custom Server Certificate” for instructions.
The following sections will assist in configuring a Satellite Capsule Server for use with your Red Hat Satellite Server. This includes the following types of Satellite Capsule Servers:
  • Satellite Capsule Server with content functionality.
  • Satellite Capsule Server without content functionality.

7.4.1. Installing a Capsule Server

You can install a Capsule Server by using customized parameters, depending on your intended use case. See capsule-installer --help for a list of the available parameters.
To install a Capsule by using the default method, run the following command (also found in the output from capsule-certs-generate): 
# capsule-installer --parent-fqdn          "satellite.example.com"\
                    --register-in-foreman  "true"\
                    --foreman-oauth-key    "xmmQCGYdkoCRcbviGfuPdX7ZiCsdExf"\
                    --foreman-oauth-secret "w5ZDpyPJ24eSBNo53AFybcnqoDYXgLUA"\
                    --pulp-oauth-secret    "doajBEXqNcANy93ZbciFyysWaiwt6BWU"\
                    --certs-tar            "~/capsule.example.com-certs.tar"\
                    --puppet               "true"\
                    --puppetca             "true"\
                    --pulp                 "true"
To enable or disable other services, run capsule-installer --help and specify the desired value from the list of command options.

7.4.2. Verifying Your Capsule Server Installation

If the configuration is successful, run this command as the root user on the Satellite Capsule Server: 
# echo $?
This command should return a "0" to indicate success. If it does not, check the /var/log/katello-installer/capsule-installer.log file to debug the cause of failure. This log file contains the output generated by the capsule-certs-generate and capsule-installer commands.
The Satellite Capsule Server should also appear in the Satellite Server's User Interface under InfrastructureCapsules.

Note

If the new capsule does not appear under InfrastructureCapsules, you might have to associate it with your organization. Navigate to AdministerOrganizations. On the Organizations page, the following message indicates an unassigned capsule: 
Notice: There is 1 host with no organization assigned
On the same page, select your organization and pick the capsule from the list on the Capsule tab.