Chapter 3. Configuring Organizations, Locations and Life Cycle Environments

Red Hat Satellite 6 takes a consolidated approach to Organization and Location management. System administrators define multiple Organizations and multiple Locations in a single Satellite Server. For example, a company might have three Organizations (Finance, Marketing, and Sales) across three countries (United States, United Kingdom, and Japan). In this example, the Satellite Server manages all Organizations across all geographical Locations, creating nine distinct contexts for managing systems. In addition, users can define specific locations and nest them to create a hierarchy. For example, Satellite administrators might divide the United States into specific cities, such as Boston, Phoenix, or San Francisco.
Example Topology for Red Hat Satellite 6. The Satellite Server defines all locations and organizations. Each respective Satellite Capsule Server synchronizes content and handles configuration of systems in a different location.

Figure 3.1. Example Topology for Red Hat Satellite 6

The main Satellite Server retains the management function, while the content and configuration is synchronized between the main Satellite Server and a Satellite Capsule Server assigned to certain locations.

3.1. Organizations

Organizations divide hosts into logical groups based on ownership, purpose, content, security level, or other divisions.
Multiple organizations can be viewed, created, and managed within the web UI. Software and host entitlements can be allocated across many organizations, and access to those organizations controlled.
Each organization must be created and used by a single Red Hat customer account, however each account can manage multiple organizations. Subscription Manifests can only be imported into a single organization and Satellite will not upload a certificate that has already been uploaded into a different organization.
The Red Hat Satellite installation process creates an organization called Default Organization unless another name is specified. The organization name has a corresponding label.

Important

If a new user is not assigned a default organization their access will be limited. To grant systems rights to users, assign them to a default organization and have them log out and log back in again.

3.1.1. Creating an Organization

These steps show how to create a new organization.

Procedure 3.1. To Create an Organization:

  1. Navigate to AdministerOrganizations.
  2. Click New Organization.
  3. In the Name field, insert the name of the new organization.
  4. In the Label field, insert the label of the new organization.
  5. In the Description field, insert a description of the new organization.
  6. Click Submit.
  7. Select the hosts to assign to the new organization.
    • Click Assign All to assign all hosts with no organization to the new organization.
    • Click Manually Assign to manually select and assign the hosts with no organization.
    • Click Proceed to Edit to skip assigning hosts.
  8. Specify the configuration details of the organization such as Capsule Servers, subnets or compute resources. You can modify these settings later as described in Section 3.1.4, “Editing an Organization”.
  9. Click Submit.

3.1.2. Creating an Organization Debug Certificate

These steps show how to generate and download a debug certificate for an organization. Debug certificates enable you to browse all content from an organization's repositories and are required for exporting provisioning templates.

Procedure 3.2. To Create a New Organization Debug Certificate:

  1. Navigate to AdministerOrganizations.
  2. Select an organization for which you want to generate a debug certificate.
  3. Click Generate and Download. This generates a debug certificate.
  4. Save the certificate file in a secure location.

Note

Debug Certificates are automatically generated for provisioning template downloads if they do not already exist in the organization for which they are being downloaded.

3.1.3. Using an Organization Debug Certificate

You can view an organization's repository content using a browser or using the API if you have a debug certificate for that organization. The previous section describes creating and downloading the certificate which is in the X.509 format. To use a browser you must first convert the X.509 certificate to a format your browser supports and then import the certificate. The curl utility only requires extracting the certificate and key into separate files.

Procedure 3.3. To Use an Organization Debug Certificate in Firefox:

  1. Create and download an organization certificate as described in Procedure 3.2, “To Create a New Organization Debug Certificate:”.
  2. Open the X.509 certificate, for example, for the default organization:
    $ vi 'Default Organization-key-cert.pem'
  3. Copy the contents of the file from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- inclusive, into a file called key.pem.
  4. Copy the contents of the file from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- inclusive, into a file called cert.pem.
  5. Enter a command as follows to create a PKCS12 format certificate and enter a password or phrase when prompted:
    $ openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.pem -inkey key.pem -out organization_label.pfx -name 'organization_name'
    Enter Export Password:
    Verifying - Enter Export Password:
  6. Using the preferences tab, import the resulting pfx file into your browser: Navigate to EditPreferencesAdvanced Tab. Select View Certificates in the Certificates view to open the Certificate Manager. On the Your Certificates tab, click Import and select the pfx file to load. You will be prompted for the password or phrase used when making the certificate.
  7. Enter a URL in the following format into your browser's address bar to begin browsing for repositories:
    http://satellite.example.com/pulp/repos/organization_label
    Pulp uses the organization label so the URL must use the organization label too.

Procedure 3.4. To Use an Organization Debug Certificate with curl:

  1. Create and download an organization certificate as described in Procedure 3.2, “To Create a New Organization Debug Certificate:”.
  2. Open the X.509 certificate, for example, for the default organization:
    $ vi 'Default Organization-key-cert.pem'
  3. Copy the contents of the file from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- inclusive, into a file called key.pem.
  4. Copy the contents of the file from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- inclusive, into a file called cert.pem.
  5. Find a valid URL for a repository. You can use the browsing method described in the previous procedure or use the web UI. For example, using the web UI, navigate to ContentProducts and select a Product by name. On the Repositories tab, select a repository by name and look for the Published At entry.
  6. To use curl to access a repository, use a command as follows:
    $ curl -k --cert cert.pem --key key.pem http://satellite.example.com/pulp/repos/Default_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-tools/6.2/os/
    Ensure the paths to cert.pem and key.pem are the correct absolute paths otherwise the command will fail silently.

3.1.4. Editing an Organization

Procedure 3.5. To Edit an Organization:

  1. Navigate to AdministerOrganizations.
  2. Click the name of the organization to be edited.
  3. Select the resource to edit from the list on the left.
  4. Click the name of the desired items to add them to the Selected Items list.
  5. Click Submit.

Note

Users with administrator privileges are not listed under the Users tab when editing an organization.

3.1.5. Removing an Organization

Procedure 3.6. To Remove an Organization:

You can delete an organization if the organization is not associated with any life cycle environments or host groups. If there are any life cycle environments or host groups associated with the organization you are about to delete, deselect them by going to Organizations and clicking the relevant tabs. It is not recommended to delete the default organization created during installation because the default organization is a placeholder for any unassociated hosts in the Satellite environment. There must be at least one organization in the environment in any given time.
  1. Navigate to AdministerOrganizations.
  2. Select Delete from the drop-down menu to the right of the name of the organization you want to remove.
  3. An alert box appears:
    Delete Organization?
  4. Click OK to delete the organization.