Chapter 2. Capsule Server Overview
Capsule Servers provide content federation and run localized services to discover, provision, control, and configure hosts. You can use Capsules to extend the Satellite deployment to various geographical locations. This section contains an overview of features that can be enabled on Capsules as well as their simple classification.
For details on Capsule requirements, installation process, scalability considerations and more, see the Installation Guide.
2.1. Capsule Features
There are two sets of features provided by Capsule Servers. You can configure the Capsule to mirror content from the Satellite Server. You can also use the Capsule to run services required for host management.
Content related features are:
- Repository synchronization – the content from the Satellite Server (more precisely from selected life cycle environments) is pulled to the Capsule Server for content delivery (enabled by Pulp).
- Content delivery – hosts configured to use the Capsule Server download content from that Capsule rather than from the central Satellite Server (enabled by Pulp).
- Host action delivery – Capsule Server executes scheduled actions on hosts, for example package updates (provided by the Katello Agent on the host and the Qpid Dispatch Router on the Capsule).
- Red Hat Subscription Management (RHSM) proxy – hosts are registered to their associated Capsule Servers rather than to the central Satellite Server or the Red Hat Customer Portal (provided by Candlepin).
Infrastructure and host management services are:
- DHCP – Capsule can act as a DHCP server or it can integrate with an existing solution, including ISC DHCP servers, Active Directory, and Libvirt instances.
- DNS – Capsule can act as a DNS server or it can integrate with an existing solution, including ISC DNS, Active Directory, or BIND.
- TFTP – Capsule can act as a TFTP server or integrate with any UNIX-based TFTP server.
- Realm – Capsule can manage Kerberos realms or domains so that hosts can join them automatically during provisioning. Capsule can integrate with an existing infrastructure including IdM, FreeIPA, and Active Directory.
- Puppet Master – Capsule can act as a configuration management server by running Puppet Master.
- Puppet Certificate Authority – Capsule can act as a Puppet CA to provide certificates to hosts.
- Baseboard Management Controller (BMC) – Capsule can provide power management for hosts.
- Provisioning template proxy – Capsule can serve provisioning templates to hosts.
- OpenSCAP – Capsule can perform security compliance scans on hosts.
2.2. Capsule Types
Not all Capsule features have to be enabled at once. You can configure a Capsule Server for a specific limited purpose. Some common configurations include:
- Infrastructure Capsules [DNS + DHCP + TFTP] – provide infrastructure services for hosts. With provisioning template proxy enabled, infrastructure Capsule has all necessary services for provisioning new hosts.
- Content Capsules [Pulp] – provide content synchronized from the Satellite Server to hosts.
- Configuration Capsules [Pulp + Puppet + PuppetCA] – provide content and run configuration services for hosts.
- All-in-one Capsules [DNS + DHCP + TFTP + Pulp + Puppet + PuppetCA] – provide a full set of Capsule features. All-in-one Capsules enable host isolation by providing a single point of connection for managed hosts.
2.3. Capsule Networking
The goal of Capsule isolation is to provide a single endpoint for all of the host’s network communications, so that in remote network segments, you need only open firewall ports to the Capsule itself. The following diagram shows how the Satellite components interact in the scenario with hosts connecting to an isolated Capsule.
Figure 2.1. Satellite Topology with Isolated Capsule
The following diagram shows how the Satellite components interact when hosts connect directly to the Satellite Server. Note that as the base system of an external Capsule is a Client of the Satellite, this diagram is relevant even if you do not intend to have directly connected hosts.
Figure 2.2. Satellite Topology with Internal Capsule
The Ports and Firewalls Requirements section of the Installation Guide contains complete instructions for configuring the host-based firewall to open the ports required. A matrix table of ports is also available in the Red Hat Knowledgebase solution Red Hat Satellite 6.3 List of Network Ports.