9.3. Configuring Provisioning Settings

This section shows how to create and configure elements of a provisioning environment.

9.3.1. Domains

Satellite has the ability to assign domain names with Red Hat Satellite Capsule Server DNS. This provides users with a means to group and name hosts within a particular domain.

Procedure 9.6. To Create a Domain:

  1. Click InfrastructureDomains.
  2. Click New Domain. On the Domain tab, specify the following settings:
    1. Specify a Name for the Domain. This is the required DNS domain name.
    2. Type a Description for the Domain.
    3. Select a DNS-enabled Capsule Server.
  3. On the Parameters tab, specify domain parameters.
  4. On the Locations tab, select locations for the domain.
  5. On the Organizations tab, select organizations for the domain.

    Important

    Ensure that the Locations and Organizations are configured as they will help with future debugging.
  6. Click Submit.

9.3.2. Subnets

Satellite has the ability to create networks for groups of systems. Subnets use standard IP address settings to define the network and use the Red Hat Satellite Capsule Server's DHCP features to assign IP addresses to systems within the subnet.

9.3.2.1. Creating a Subnet

The following procedure shows how to create a subnet.

Procedure 9.7. To Create a Subnet:

  1. Click InfrastructureSubnets.
  2. Click New Subnet. On the Subnet tab, specify the following settings:
    1. Specify a Name, Network address (IP address), and Network mask for the subnet. These settings are required.
    2. Optionally, specify the Gateway address, Primary DNS server, Secondary DNS server, and VLAN ID. Note that the gateway address and DNS server settings are optional only with IPAM and Boot modes set to DHCP (default). If you decide to change these default modes, you also have to specify gateway and DNS.
      You can also select the IPAM mode (DHCP, Internal DB, or None) and define the IP assignment range with the Start of IP range and End of IP range fields.
    3. Select the default Boot mode for the subnet (DHCP or Static).
  3. On the Domains tab, select the applicable domains for the subnet.
  4. On the Capsules tab, select the Capsule Servers to be used for hosting the DHCP Proxy, TFTP Proxy, DNS Proxy, and Discovery Proxy services.
  5. On the Locations tab, select locations for the subnet.
  6. On the Organizations tab, select organizations for the subnet.

    Important

    Ensure that the Locations and Organizations are configured as they will help with future debugging.
  7. Click Submit.

9.3.3. Architectures

An architecture in Satellite represents a logical grouping of hosts and operating systems. Architectures are created by Satellite automatically when hosts check in with Puppet. However, none exist with a default installation and require creation.

Procedure 9.8. To Create an Architecture:

  1. Click HostsArchitectures and then click New Architecture.
  2. Specify a Name for the architecture.
  3. Select any Operating Systems that include this architecture. If none are available, you can create and assign them under HostsOperating Systems.
  4. Click Submit.

9.3.4. Compute Resources

Compute resources are hardware abstractions from virtualization and cloud providers. Satellite uses compute resources to provision virtual machines and containers. Supported private providers include Red Hat Enterprise Virtualization, oVirt, OpenStack, VMware, Libvirt, and Docker. Supported public cloud providers include Amazon EC2, Google Compute Engine, and Rackspace.

Procedure 9.9. To Add a Compute Resource:

  1. Navigate to InfrastructureCompute Resources.
  2. Click New Compute Resource. On the Compute Resource tab, specify the following settings:
    1. Specify a Name and a Provider type for the Compute Resource. Optionally, insert a Description.
    2. Depending on the provider type chosen, the next few fields ask for authentication and datacenter details. Refer to the following table for more information about each provider type.

      Table 9.2. Provider Settings

      Type
      Description
      RHEV
      Suits Red Hat Enterprise Virtualization environments. Requires the URL of the Manager API, a valid Username and Password, and a Datacenter on the system to abstract compute resources. Click Load Datacenters to populate the drop-down menu. Optionally, you can specify a Quota ID and provide one or more certificate authorities in the X509 Certification Authorities field.
      Libvirt
      Suits Libvirt-based environments. Requires the URL of the virtual machine. Select the Display type. Click Test Connection to test if the virtual machine is available. Select Console passwords to set a randomly generated password on the display connection.
      VMware
      Suits VMware-based environments. Requires the host name of the VCenter/Server, a valid VMware Username and Password, and a Datacenter to abstract compute resources. Click Load Datacenters to populate the drop-down menu. You can specify a certificate Fingerprint and select Console passwords to set a randomly generated password on the display connection.
      RHEL OpenStack Platform
      Suits OpenStack-based environments. Requires the URL of the OpenStack server, a valid OpenStack Username and Password, and a Tenant to abstract compute resources. Click Load Tenants to populate the drop-down menu.
      Rackspace
      Suits Rackspace public cloud accounts. Requires the URL of the Rackspace API, a valid Rackspace Username and API Key, and a Region to abstract compute resources. Click Test Connection to make sure your connection to the chosen region is valid.
      EC2
      Suits Amazon EC2 public cloud accounts. Requires the Access Key and Secret Key available from any valid Amazon EC2 account. Requires a Region to act as a Datacenter for resource abstraction. Click Load Regions to populate the selection drop-down menu.
      Google
      Suits Google Compute Engine public cloud accounts. Requires the Google Project ID, a valid Client Email and a Certificate path to the p12 file. You can also specify a Zone to abstract compute resources. Click Load zones to populate the drop-down menu.
      Docker
      Suits container registries. Requires the URL of the internal or external compute resource. Optionally, specify a Username, Password, and a contact Email. Click Test Connection to test if the connection is available.
  3. On the Locations tab, select desired locations to add them to the Selected Items list.
  4. On the Organizations tab, select the desired organizations to add them to the Selected Items list.

    Important

    Ensure that the Locations and Organizations are configured as they will help with future debugging.
  5. Click Submit.

9.3.5. Configuring Libvirt as a Compute Resource

On the system where the Libvirt hypervisor is to be used, ensure the following packages are installed:
# yum install qemu-kvm libvirt virt-manager
Ensure the FQDN of the hypervisor host resolves correctly on the hypervisor machine and on the base system where Satellite Server is running.

Procedure 9.10. To Add a Libvirt Compute Resource:

  1. Navigate to InfrastructureCompute resources.
  2. Click New Compute Resource. On the Compute Resource tab, specify the following settings:
    1. Specify a Name and from the Provider drop-down menu, select Libvirt as the type for the Compute Resource. Optionally, insert a Description.
    2. In the URL field, enter a string as follows:
      qemu:///system
    3. From the Display Type drop-down menu, select VNC.
    4. Optionally select the Console passwords check box if this compute resource will only be used for new Libvirt guests. This option cannot be used together with previously configured Libvirt guests.
    5. Click Test Connection. If the connection is successful the button turns green.
    6. Click Submit to save the configuration.
    7. Select the Virtual Machines tab. Previously configured Libvirt guests will be shown.

Procedure 9.11. To Configure SSH Access to Libvirt:

Perform the following steps on the system where Red Hat Satellite is running unless otherwise directed.
  1. Ensure the SSH file permissions and SELinux context for the foreman user are correct:
    # ls -Zd /usr/share/foreman/.ssh
    drwx------. foreman foreman system_u:object_r:ssh_home_t:s0  /usr/share/foreman/.ssh
  2. Create SSH keys for the foreman user:
    # su - foreman -s /bin/bash
    -bash-4.2$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/usr/share/foreman/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/share/foreman/.ssh/id_rsa.
    Your public key has been saved in /usr/share/foreman/.ssh/id_rsa.pub.
    The key fingerprint is:
    07:47:a9:23:d2:fe:2f:07:fb:55:75:46:3e:8e:6e:69 foreman@satellite.example.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    |          ..    .|
    |         ..    o |
    |     .  ...    .=|
    |    . o oo    ooo|
    |     o .S..  ... |
    |      . ..  ...  |
    |       . o  .E   |
    |        + ..o    |
    |         =o      |
    +-----------------+
  3. Copy the SSH public key to the remote hypervisor system. For example, if your Libvirt host is kvm.example.com:
    -bash-4.2$ ssh-copy-id root@kvm.example.com
    The authenticity of host 'kvm.example.com (192.168.1.2)' can't be established.
    ECDSA key fingerprint is 78:79:41:d0:b8:40:d5:4a:6d:7f:22:03:bd:cd:a0:dd.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    foreman@192.168.1.2's password:
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'root@kvm.example.com'"
    and check to make sure that only the key(s) you wanted were added.
  4. Make an SSH connection to the remote system to confirm that no password prompt appears:
    -bash-4.2$ ssh root@kvm.example.com
    You should not be prompted for the password. The public key can be found in the .ssh/authorized_keys file on the remote system. Exit after successfully logging in and checking the keys:
    -bash-4.2$ exit
  5. In the web UI, navigate to InfrastructureCompute resources and click New Compute Resource.
  6. In the Name field enter a suitable name.
  7. From the Provider drop-down menu, select Libvirt.
  8. In the URL field, enter a string in the following format:
    qemu+ssh://root@kvm.example.com/system
    Where kvm.example.com is the FQDN of your Libvirt host.
  9. From the Display Type drop-down menu, select VNC.
  10. Optionally select the Console passwords check box if this compute resource will only be used for new Libvirt guests. This option cannot be used together with previously configured Libvirt guests.
  11. Click Test Connection. If the connection is successful the button turns green.
  12. Click Submit to save the configuration.
  13. Select the Virtual Machines tab. Previously configured Libvirt guests will be shown.

Procedure 9.12. To Configure the noVNC Console:

Prerequisites:

  • SSH keys must be configured for the foreman user on the Satellite Server's base system (as explained previously).
  • Existing Libvirt guests must be configured to use VNC server as the display type, the port settings set to Auto, and no VNC password selected.
  1. On the hypervisor host system, configure the firewall to allow VNC service on ports 5900 to 5930:
    • On Red Hat Enterprise Linux 6:
      # iptables -A INPUT -p tcp --dport 5900:5930 -j ACCEPT
      # service iptables save
    • On Red Hat Enterprise Linux 7:
      # firewall-cmd --add-port=5900-5930/tcp
      # firewall-cmd --add-port=5900-5930/tcp --permanent
  2. In the browser used for the web UI, trust the Satellite Server certificate as follows:
    1. Visit the public downloads page of the Satellite Server, for example https://satellite.example.com/pub/, and click the certificate file katello-server-ca.crt.
    2. Select to trust the certificate for identifying websites.
  3. In the browser used for the web UI, disable HTTP strict transport security (HSTS). HSTS is described in RFC 6797. For example, in Firefox, enter About:Config in the browser address bar and set the following boolean to True:
    network.websocket.allowInsecureFromHTTPS
  4. Ensure you are using the FQDN in the browser for the web UI. NoVNC will not work if the domain name in the URL does not match the CN value in the certificate, which should be the same as the FQDN. Use a command as follows to check the CN value:
    # openssl x509 -text -noout -in /etc/pki/katello/certs/katello-apache.crt | grep CN
    Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=satellite.example.com
    Subject: C=US, ST=North Carolina, O=Katello, OU=SomeOrgUnit, CN=satellite.example.com
    output truncated
  5. Navigate to Infrastructure+Compute Resources. Select the name of a Libvirt resource. On the Virtual Machines tab, select the name of a Libvirt guest. Ensure the machine is powered on and then select Console. The console window appears after the noVNC handshake completes.

9.3.6. Hardware Models

Hardware models help run unattended installations on systems based on the Scalable Processor Architecture (SPARC).

Procedure 9.13. To Create a Hardware Model:

  1. Click HostsHardware Models.
  2. Click New Model.
  3. Specify a Name for the Hardware Model.
  4. For SPARC builds, insert the CPU Hardware model and Vendor class. Other architectures do not require values in these fields.
  5. Type a description of the Hardware Model in the Information field.
  6. Click Submit.

9.3.7. Installation Media

Red Hat Satellite uses installation media (ISO images) as content for kickstart trees and new host installations.

Procedure 9.14. To Add an Installation Medium:

  1. Click HostsInstallation Media.
  2. Click New Medium. On the Medium tab, specify the following settings:
    1. Type a Name for the Installation Media. This setting is required.
    2. Type a Path to the Installation Medium. Options include either a URL or a valid NFS server. This setting is required.
    3. Select an Operating System Family to define the type of the Installation Medium.
  3. On the Locations tab, select the desired locations to add them to the Selected Items list.
  4. On the Organizations tab, select the desired organizations to add them to the Selected Items list.

    Important

    Ensure that the Locations and Organizations are configured as they will help with future debugging.
  5. Click Submit.

9.3.8. Partition Tables

Partition tables define the partitions and file system layout for new installations when provisioning systems. Satellite users specify the host's disk layout as an explicit sequence of partitions or use a dynamic disk layout script.

Procedure 9.15. To Create a Partition Table:

  1. Click HostsPartition Tables.
  2. Click New Partition Table.
  3. Type a Name for the partition table.
  4. Optionally select Default. This check box defines if the partition is automatically associated with new organizations or locations.
  5. Optionally select Snippet. This check box defines if the partition is a reusable snippet for other partition table layouts.
  6. Select the operating system from the Operating system family drop-down list.
  7. Specify the Layout of the partition table. You can enter the layout in the text area under Template editor or click Choose File to upload a template file.

    Note

    The format of the layout must match that for the intended operating system. For example, Red Hat Enterprise Linux 7.2 requires a layout that matches a kickstart file.
  8. Use the Audit Comment field to add a summary of changes to the partition layout.
  9. Click Submit.
New partition table has to be associated with an operating system as described in Section 9.3.11, “Operating Systems”

9.3.9. Provisioning Templates

Provisioning templates provide the systematic means to run unattended installations. Provisioning templates can be executed via several methods including bash scripts, kickstart scripts, and PXE-based installations.

Procedure 9.16. To Create a Provisioning Template:

  1. Click HostsProvisioning Templates.
  2. Click New Template. On the Provisioning Template tab, specify the following settings:
    1. Specify a Name for the template.
    2. Insert your template in the Template editor field. Alternatively, click Browse to upload the template. This replaces the content in the Template editor field with the content of your chosen file.
    3. Optionally, type a comment in the Audit Comment field. Satellite adds the comment to the template history to track changes. View the template history under the History tab.
  3. On the Type tab, select Snippet to store the template code without defining it as particular script or template type, or select the type from the Type drop-down menu.
  4. On the Association tab, select host groups, environments and operating systems to be associated with the template. Select the operating systems from the Applicable Operating Systems list. Click Add Combination and select a Hostgroup and Environment to limit the template's use. Note that associations are not available for templates of type snippet.
  5. On the Association tab, you can view the history of existing templates. No history is available when creating a new template.
  6. On the Locations tab, select locations for the template.
  7. On the Organizations tab, select organizations for the template.

    Important

    Ensure that the Locations and Organizations are configured as they will help with future debugging.
  8. Click Submit.
For more information on provisioning templates, see Creating Provisioning Templates in the Red Hat Satellite Provisioning Guide.

9.3.10. Configuring gPXE to Reduce Provisioning Times

To reduce provisioning time when downloading PXE boot files, gPXE enables the use of additional protocols such as HTTP to reduce download time. To make use of gPXE, proceed as follows:
  • On systems configured to be a TFTP server, copy /usr/share/syslinux/gpxelinuxk.0 to /var/lib/tftpboot.
  • In the PXE Handoff section of /etc/dhcp/dhcpd.conf, change the DHCP filename option from pxelinux.0 to gpxelinuxk.0.
  • Create provisioning templates as follows and then assign them, together with the default template, to the operating systems.

Procedure 9.17. To Configure a gPXE Provisioning Template:

  1. Click HostsProvisioning templates.
  2. Find the template Kickstart default PXELinux and select Clone.
  3. Enter a name, for example, Kickstart default gPXELinux.
  4. In the Template editor, search and replace @initrd with @host.url_for_boot(:initrd)
  5. In the Template editor, search and replace @kernel with @host.url_for_boot(:kernel)
  6. Select the Type tab. From the Type drop-down menu, select PXELinux.
  7. On the Association tab, select host groups, environments and operating systems to be associated with the template. Select the operating systems from the Applicable Operating Systems list. Click Add Combination and select a Hostgroup and Environment to limit the template's use.
  8. Click Submit.

9.3.11. Operating Systems

Operating Systems define combinations of installation methods and media and are grouped within families. As a default, Red Hat Satellite uses a RedHat family. Families allow Satellite to change certain behaviors when provisioning hosts.

Procedure 9.18. To Add an Operating System:

  1. Click HostsOperating Systems.
  2. Click New Operating system. On the Operating System tab, specify the following settings:
    1. Type the Name of the Operating System and its Major Version. These settings are required.
    2. Optionally, define the Minor Version, select the OS Family, and add a Description of the operating system.
    3. Select a Root password hash (MD5, SHA256, of SHA512).
    4. Select the Architectures from the list of available Architectures. If none are available, create and assign them under HostsArchitectures as described in Section 9.3.3, “Architectures”.
  3. On the Partition tables tab, select the applicable file system layouts from the list. For more information on creating partition tables, see Section 9.3.8, “Partition Tables”.
  4. On the Installation Media tab, select the applicable installation media from the list. For more information on adding installation media, see Section 9.3.7, “Installation Media”.
  5. On the Templates tab, you can assign provisioning templates when editing an existing operating system. This option is not available when creating a new operating system. For more information on creating provisioning templates, see Section 9.3.9, “Provisioning Templates”.
  6. On the Parameters tab, you can add parameters for the operating system.
  7. Click Submit.