Red Hat Training

A Red Hat training course is available for Red Hat Satellite

Appendix C. Applying Custom Configuration to Red Hat Satellite

When you install and configure Satellite for the first time using satellite-installer, you can specify that the DNS and DHCP configuration files are not to be managed by Puppet using --foreman-proxy-dns-managed=false and --foreman-proxy-dhcp-managed=false. If these options are not specified during the initial installer run, any manual changes will be overwritten by a rerun of the installer, for example, rerun for upgrade purposes. If changes are overwritten, you will need to run the restore procedure to restore the manual changes. See Section C.1, “How to restore manual changes overwritten by a Puppet run” for more information.

The installer does not have an option for all configuration files that you may want to manage manually. To specify Satellite configuration values which will not be overwritten by the installer, add entries to the configuration file /etc/foreman-installer/custom-hiera.yaml. This configuration file is in YAML format, consisting of one entry per line in the format of <puppet class>::<parameter name>: <value>. Configuration values specified in this file will persist across installer reruns.

Common examples include:

  • For Apache, to set the ServerTokens directive to only return the Product name:

    apache::server_tokens: Prod
  • To turn off the Apache server signature entirely:

    apache::server_signature: Off
  • To turn off TRACE:

    apache::trace_enable: Off
  • For Puppet, to enable the future parser:

    puppet::server_parser: future
  • For Pulp, to configure the number of pulp workers:

    pulp::num_workers: 8

C.1. How to restore manual changes overwritten by a Puppet run

If your manual configuration has been overwritten by a Puppet run, you can restore the files to the previous state. The following example shows you how to restore a DHCP configuration file overwritten by a Puppet run.

  1. Copy the file you intend to restore. This allows you to compare the files to check for any mandatory changes required by the upgrade. This is not common for DNS or DHCP services.

    # cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.backup
  2. Check the log files to note down the md5sum of the overwritten file. For example:

    # journalctl -xe
    /Stage[main]/Dhcp/File[/etc/dhcp/dhcpd.conf]: Filebucketed /etc/dhcp/dhcpd.conf to puppet with sum 622d9820b8e764ab124367c68f5fa3a1
  3. Restore the overwritten file:

    # puppet filebucket restore --local --bucket \
    /var/lib/puppet/clientbucket /etc/dhcp/dhcpd.conf \ 622d9820b8e764ab124367c68f5fa3a1
  4. Compare the backup file and the restored file, and edit the restored file to include any mandatory changes required by the upgrade.