Chapter 1. Introduction to Red Hat Satellite
Red Hat Satellite is a system management solution that enables you to deploy, configure, and maintain your systems across physical, virtual, and cloud environments. Satellite provides provisioning, remote management and monitoring of multiple Red Hat Enterprise Linux deployments with a single, centralized tool. Satellite Server synchronizes the content from Red Hat Customer Portal and other sources, and provides functionality including fine-grained life cycle management, user and group role-based access control, integrated subscription management, as well as advanced GUI, CLI, or API access.
Capsule Server mirrors content from Satellite Server to facilitate content federation across various geographical locations. Host systems can pull content and configuration from Capsule Server in their location and not from the central Satellite Server. Capsule Server also provides localized services such as Puppet server, DHCP, DNS, or TFTP. Capsule Servers assist you in scaling your Satellite environment as the number of your managed systems increases.
Capsule Servers decrease the load on the central server, increase redundancy, and reduce bandwidth usage. For more information, see Chapter 2, Capsule Server Overview.
1.1. System Architecture
The following diagram represents the high-level architecture of Red Hat Satellite.
Figure 1.1. Red Hat Satellite System Architecture
There are four stages through which content flows in this architecture:
- External Content Sources
- The Satellite Server can consume diverse types of content from various sources. The Red Hat Customer Portal is the primary source of software packages, errata, and container images. In addition, you can use other supported content sources (Git repositories, Docker Hub, SCAP repositories) as well as your organization’s internal data store.
- Satellite Server
The Satellite Server enables you to plan and manage the content life cycle and the configuration of Capsule Servers and hosts through GUI, CLI, or API.
Satellite Server organizes the life cycle management by using organizations as principal division units. Organizations isolate content for groups of hosts with specific requirements and administration tasks. For example, the OS build team can use a different organization than the web development team.
Satellite Server also contains a fine-grained authentication system to provide Satellite operators with permissions to access precisely the parts of the infrastructure that lie in their area of responsibility.
- Capsule Servers
Capsule Servers mirror content from Satellite Server to establish content sources in various geographical locations. This enables host systems to pull content and configuration from Capsule Servers in their location and not from the central Satellite Server. The recommended minimum number of Capsule Servers is therefore given by the number of geographic regions where the organization that uses Satellite operates.
Using Content Views, you can specify the exact subset of content that Capsule Server makes available to hosts. See Figure 1.2, “Content Life Cycle in Red Hat Satellite” for a closer look at life cycle management with the use of Content Views.
The communication between managed hosts and Satellite Server is routed through Capsule Server that can also manage multiple services on behalf of hosts. Many of these services use dedicated network ports, but Capsule Server ensures that a single source IP address is used for all communications from the host to Satellite Server, which simplifies firewall administration. For more information on Capsule Servers see Chapter 2, Capsule Server Overview.
- Managed Hosts
- Hosts are the recipients of content from Capsule Servers. Hosts can be either physical or virtual. Satellite Server can have directly managed hosts. The base system running a Capsule Server is also a managed host of Satellite Server.
The following diagram provides a closer look at the distribution of content from Satellite Server to Capsules.
Figure 1.2. Content Life Cycle in Red Hat Satellite
By default, each organization has a Library of content from external sources. Content Views are subsets of content from the Library created by intelligent filtering. You can publish and promote Content Views into life cycle environments (typically Dev, QA, and Production). When creating a Capsule Server, you can choose which life cycle environments will be copied to that Capsule and made available to managed hosts.
Content Views can be combined to create Composite Content Views. It can be beneficial to have a separate Content View for a repository of packages required by an operating system and a separate one for a repository of packages required by an application. One advantage is that any updates to packages in one repository only requires republishing the relevant Content View. You can then use Composite Content Views to combine published Content Views for ease of management.
Which Content Views should be promoted to which Capsule Server depends on the Capsule’s intended functionality. Any Capsule Server can run DNS, DHCP, and TFTP as infrastructure services that can be supplemented, for example, with content or configuration services.
You can update Capsule Server by creating a new version of a Content View using synchronized content from the Library. The new Content View version is then promoted through life cycle environments. You can also create in-place updates of Content Views. This means creating a minor version of the Content View in its current life cycle environment without promoting it from the Library. For example, if you need to apply a security erratum to a Content View used in Production, you can update the Content View directly without promoting to other life cycles. For more information on content management, see Managing Content.
1.2. System Components
Red Hat Satellite consists of several open source projects which are integrated, verified, delivered and supported as Satellite. This information is maintained and regularly updated on the Red Hat Customer Portal; see Satellite 6 Component Versions.
Red Hat Satellite consists of the following open source projects:
- Foreman
- Foreman is an open source application used for provisioning and life cycle management of physical and virtual systems. Foreman automatically configures these systems using various methods, including kickstart and Puppet modules. Foreman also provides historical data for reporting, auditing, and troubleshooting.
- Katello
- Katello is a Foreman plug-in for subscription and repository management. It provides a means to subscribe to Red Hat repositories and download content. You can create and manage different versions of this content and apply them to specific systems within user-defined stages of the application life cycle.
- Candlepin
- Candlepin is a service within Katello that handles subscription management.
- Pulp
- Pulp is a service within Katello that handles repository and content management. Pulp ensures efficient storage space by not duplicating RPM packages even when requested by Content Views in different organizations.
- Hammer
- Hammer is a CLI tool that provides command line and shell equivalents of most Satellite web UI functions.
- REST API
- Red Hat Satellite includes a RESTful API service that allows system administrators and developers to write custom scripts and third-party applications that interface with Red Hat Satellite.
The terminology used in Red Hat Satellite and its components is extensive. For explanations of frequently used terms, see Appendix B, Glossary of Terms.
1.3. Supported Usage
Each Red Hat Satellite subscription includes one supported instance of Red Hat Enterprise Linux Server. This instance should be reserved solely for the purpose of running Red Hat Satellite. Using the operating system included with Satellite to run other daemons, applications, or services within your environment is not supported.
Support for Red Hat Satellite components is described below.
SELinux must be either in enforcing or permissive mode, installation with disabled SELinux is not supported.
- Puppet
Red Hat Satellite includes supported Puppet packages. The installation program allows users to install and configure Puppet servers as a part of Capsule Servers. A Puppet module, running on a Puppet server on the Satellite Server or Satellite Capsule Server, is also supported by Red Hat. For information on what versions of Puppet are supported, see the Red Hat Knowledgebase article Satellite 6 Component Versions.
Red Hat supports many different scripting and other frameworks, including Puppet modules. Support for these frameworks is based on the Red Hat Knowledgebase article How does Red Hat support scripting frameworks.
- Pulp
- Pulp usage is only supported via Satellite web UI, CLI, and API. Direct modification or interaction with Pulp’s local API or database is not supported, as this can cause irreparable damage to the Red Hat Satellite databases.
- Foreman
Foreman can be extended using plug-ins, but only plug-ins packaged with Red Hat Satellite are supported. Red Hat does not support plug-ins in the Red Hat Satellite Optional repository.
Red Hat Satellite also includes components, configuration and functionality to provision and configure operating systems other than Red Hat Enterprise Linux. While these features are included and can be employed, Red Hat supports their usage for Red Hat Enterprise Linux.
- Candlepin
- The only supported methods of using Candlepin are through the Satellite web UI, CLI, and API. Red Hat does not support direct interaction with Candlepin, its local API or database, as this can cause irreparable damage to the Red Hat Satellite databases.
- Embedded Tomcat Application Server
- The only supported methods of using the embedded Tomcat application server are through the Satellite web UI, API, and database. Red Hat does not support direct interaction with the embedded Tomcat application server’s local API or database.
Usage of all Red Hat Satellite components is supported within the context of Red Hat Satellite only. Third-party usage of any components falls beyond supported usage.
1.4. Supported Client Architectures
1.4.1. Content Management
Supported combinations of major versions of Red Hat Enterprise Linux and hardware architectures for registering and managing hosts with Satellite. This includes the Satellite Client 6 repositories.
Table 1.1. Content Management Support
| Platform | Architectures |
|---|---|
| Red Hat Enterprise Linux 9 | x86_64, ppc64le, s390x, aarch64 |
| Red Hat Enterprise Linux 8 | x86_64, ppc64le, s390x |
| Red Hat Enterprise Linux 7 | x86_64, ppc64 (BE), ppc64le, aarch64, s390x |
| Red Hat Enterprise Linux 6 | x86_64, i386, s390x, ppc64 (BE) |
1.4.2. Host Provisioning
Supported combinations of major versions of Red Hat Enterprise Linux and hardware architectures for host provisioning with Satellite.
Table 1.2. Host Provisioning Support
| Platform | Architectures |
|---|---|
| Red Hat Enterprise Linux 9 | x86_64 |
| Red Hat Enterprise Linux 8 | x86_64 |
| Red Hat Enterprise Linux 7 | x86_64 |
| Red Hat Enterprise Linux 6 | x86_64, i386 |
1.4.3. Configuration Management
Supported combinations of major versions of Red Hat Enterprise Linux and hardware architectures for configuration management with Satellite.
Table 1.3. Puppet Agent Support
| Platform | Architectures |
|---|---|
| Red Hat Enterprise Linux 9 | x86_64 |
| Red Hat Enterprise Linux 8 | x86_64, aarch64 |
| Red Hat Enterprise Linux 7 | x86_64 |
| Red Hat Enterprise Linux 6 | x86_64, i386 |
