Chapter 3. Configuring Provisioning Resources

Red Hat Satellite 6 provides a set of provisioning resources that contribute to the creation of a new host. This section explores some of these resources and how they contribute to host provisioning.

Supported Architectures

Only Intel x86_64 architecture is supported for provisioning using PXE, Discovery, and boot disk. For full details see Red Hat Knowledgebase solution Architectures Supported for Satellite 6 Provisioning.

BIOS and UEFI Support

With Red Hat Satellite, you can perform both BIOS and UEFI based PXELinux provisioning.

Both BIOS and UEFI interfaces work as interpreters between the computer’s operating system and firmware, initializing the hardware components and starting the operating system at boot time.

While BIOS reads the first section of the hard drive that contains the next address to initialize, UEFI stores all the information about initialization and startup in an .efi file instead of the firmware. UEFI systems are newer and becoming more common.

To perform PXELinux provisioning with UEFI, you must use Red Hat Enterprise Linux Server 7 or higher on the Intel x86_64 architecture. In Satellite, PXELinux provisioning with UEFI is supported only on bare-metal systems. UEFI is not supported for virtual machines. UEFI SecureBoot is also not supported.

In Satellite provisioning, the PXE loader is a DHCP file name that defines which file to load through TFTP during PXE provisioning. For BIOS systems, the file is pxelinux.0. For UEFI systems, the file is grub2/grubx64.efi.

For BIOS provisioning, you must associate a PXELinux template with the operating system.

For UEFI provisioning you must associate a PXEGrub2 template with the operating system.

If you associate both PXELinux and PXEGrub2 templates, Satellite 6 can deploy configuration files for both on a TFTP server, so that you can switch between PXE loaders easily.

3.1. Creating Architectures

An architecture in Satellite represents a logical grouping of hosts and operating systems. Architectures are created by Satellite automatically when hosts check in with Puppet. Basic i386 and x86_64 architectures are already preset in Satellite 6.

For Web UI Users

  1. Click Hosts > Architectures and then click Create Architecture.
  2. Specify a Name for the architecture.
  3. Select any Operating Systems that include this architecture. If none are available, you can create and assign them under Hosts > Operating Systems.
  4. Click Submit.

For CLI Users

Enter the hammer architecture create command to create an architecture. Specify its name and operating systems that include this architecture.

# hammer architecture create --name "architecture_name" \
--operatingsystems "os"

3.2. Creating Hardware Models

Hardware models specify what hardware model a host uses.

For Web UI Users

  1. Navigate to Hosts > Hardware Models.
  2. Click Create Model.
  3. Specify a Name for the hardware model.
  4. Optionally, you can enter the Hardware Model and Vendor Class for your system.
  5. Enter a description of the hardware model in the Info field.
  6. Click Submit.

For CLI Users

Create a hardware model using the hammer model create command. The only required parameter is --name. Optionally, enter the hardware model into the --hardware-model parameter, vendor class into the --vendor-class parameter, and description into the --info parameter.

# hammer model create --name "model_name" --info "description" \
--hardware-model "hardware_model" --vendor-class "vendor_class"

3.3. Creating Partition Tables

A partition table is a set of directives that defines the way the Satellite Server configures the disks available on a new host. Red Hat Satellite 6 contains a set of default partition tables to use, including a Kickstart default. You can also edit partition table entries to configure the preferred partitioning scheme, or create a partition table entry and add it to the Red Hat Enterprise Linux operating system entry.

For Web UI Users

Navigate to Hosts > Partition tables and click Create Partition Table.

  • Name - A name to represent the partition table.
  • Default - To set the template to automatically associate with new organizations or locations.
  • Snippet - To set the template as a reusable snippet for other partition table layouts.
  • Operating system family - The distribution or family of the partitioning layout. For example, Red Hat Enterprise Linux, CentOS, and Fedora would be in the Red Hat family.
  • Template editor - A text area to enter the layout for the disk partition. For example:

    zerombr
    clearpart --all --initlabel
    autopart

    You can also use the Template file browser to upload a template file.

    Note

    The format of the layout must match that for the intended operating system. For example, Red Hat Enterprise Linux 7.2 requires a layout that matches a kickstart file.

  • Audit Comment - A field for a summary of changes to the partition layout.

Satellite adds the partition table to the current provisioning context. You can select additional contexts from the Organizations and Locations tabs.

Click Submit to save your partition table.

For CLI Users

Before creating a partition table with the CLI, create a plain text file that contains the partition layout. This example uses the ~/my-partition file. Create the partition table using the hammer partition-table create command:

# hammer partition-table create --name "My Partition" --snippet false \
--os-family Redhat --file ~/my-partition --organizations "ACME" \
--locations "New York"

3.4. Using a Synced Kickstart Repository for a Host’s Operating System

Satellite contains a set of synchronized kickstart repositories that you use to install the provisioned host’s operating system.

To set up a kickstart repository, complete the following steps:

  1. Add the synchronized kickstart repository that you want to use to the existing Content View or create a new Content View and add the kickstart repository.
  2. Publish a new version of the Content View where the kickstart repository is added and promote it to a required lifecycle environment. For more information, see Managing Content Views in the Content Management Guide.
  3. When you create a host, in the Operating System tab, for Media Selection, select the Synced Content check box.

To View the Kickstart Tree

To view the kickstart tree enter the following command:

# hammer medium list --organization "your_organization"

3.5. Creating Provisioning Templates

A provisioning template defines the way the Satellite Server installs an operating system on a host. There are various types of provisioning templates, including:

  • provision - The main template for the provisioning process. For example, a kickstart template. For more information about kickstart template syntax, see the Kickstart Syntax Reference in the Red Hat Enterprise Linux 7 Installation Guide.
  • PXELinux, PXEGrub, PXEGrub2 - PXE-based templates that deploy to the template Capsule associated with a subnet to ensure that the host uses the installer with the correct kernel options. For BIOS provisioning, select PXELinux template. For UEFI provisioning, select PXEGrub2.
  • finish - Post-configuration scripts for after the completion of the main provisioning process. This is completed as an SSH task.
  • Bootdisk - Templates for PXE-less boot methods.
  • kexec - Kernel execution templates for PXE-less boot methods.

    Note

    Kernel Execution is a Technology Preview feature. Technology Preview features are not fully supported under Red Hat Subscription Service Level Agreements (SLAs), may not be functionally complete, and are not intended for production use. However, these features provide early access to upcoming product innovations, enabling customers to test functionality and provide feedback during the development process.

  • user_data - Post-configuration scripts for providers that accept user data, such as cloud-init scripts.
  • script - An arbitrary script not used by default but useful for custom tasks.
  • ZTP - Zero Touch Provisioning templates.
  • POAP - PowerOn Auto Provisioning templates.
  • iPXE - Templates for iPXE or gPXE environments to use instead of PXELinux.

Red Hat Satellite includes many template examples. Navigate to Hosts > Provisioning templates to view them. You can clone and adjust any of them, or create your own. Templates accept the Embedded Ruby (ERB) syntax. For more information, see Template Writing Reference in Managing Hosts.

You can download provisioning templates. Before you can download a template, you must create a debug certificate. For more information, see Creating an Organization Debug Certificate in the Content Management Guide.

Change logs and history

To view the history of changes applied to a template, navigate to Hosts > Provisioning templates, select one of the templates, and click History. Click Revert to override the editor content with the previous version. It is possible to revert to an earlier change as well. Click Show Diff to see information about a specific change:

  1. Template Diff tab shows changes in the body of a provisioning template.
  2. Details tab shows changes in the template description.
  3. History tab shows the user who made a change to the template and date of the change.

Tagged VLAN Provisioning

If you want to use tagged VLAN provisioning, you must ensure that your BIOS and firmware are configured for tagged VLAN. You must also edit the APPEND line of PXELinux or PXEGrub2 template to add the following information:

vlanid=example_VLAN_ID

Note

Finishing templates are only designed to be used for image-based provisioning in virtual environments. Do not confuse an image with a Foreman discovery ISO, which is sometimes called a Foreman discovery image. An image in this context is an install image in a virtualized environment for easy deployment.

For Web UI Users

Navigate to Hosts > Provisioning templates and click Create Template. The UI provides a set of fields where you can input details for the provisioning template.

Note

The Help tab provides information about the template syntax. It explains in further details the available functions, variables, and methods that can be called on different types of objects within the template.

Alternatively, you can select one of the template examples, click Clone to duplicate it, and modify its preset details:

  • In the Template tab:

    • Name - Plain text name for the provisioning template.
    • Default - To set the template to automatically associate with new organizations or locations.
    • Template editor - A text area to enter the body of the provisioning template. You can also use the Template file browser to upload a template file.
    • Audit Comment - A field for a summary of changes to the provisioning template.
  • In the Type tab:

    • Snippet - Designates the provisioning template as a snippet. A snippet is not a standalone provisioning template, but a part of a provisioning template that can be inserted into other provisioning templates.
    • Type - The type of template. For example, Provisioning template.
  • In the Association tab:

    • From the All items list in the Applicable Operating Systems section, click the name of an operating system entry to move that operating system entry to the Selected items list and make the provisioning template available to that operating system entry.
    • Optionally, click Add combination and select a host group from the Host Group list or an environment from the Environment list to make the provisioning template available to the specified combination of host groups and environments.

Satellite adds the provisioning template to the current provisioning context. You can select additional contexts from the Organizations and Locations tabs.

Click Submit to save your provisioning template.

For CLI Users

Before creating a template with the CLI, create a plain text file that contains the template. This example uses the ~/my-template file. Create the template using the hammer template create command and specify the type with the --type option:

# hammer template create --name "My Provisioning Template" \
--file ~/my-template --type provision --organizations "ACME" \
--locations "New York"

3.5.1. Deploying SSH Keys during Provisioning

SSH keys added to a user can be deployed during provisioning. For information on adding SSH keys to a user, see Adding SSH Keys to a User in Administering Red Hat Satellite.

To Deploy an SSH Key during Provisioning

  1. Navigate to Hosts > Provisioning templates.
  2. Create a provisioning template, clone, or edit an existing template. For more information, see Section 3.5, “Creating Provisioning Templates”.
  3. In the template, click the Template tab.
  4. In the Template editor field, add the create_users snippet to the %post section:

    <%= snippet('create_users') %>

  5. Select the Default check box.
  6. Click the Association tab.
  7. From the Applicable Operating Systems list, select the appropriate operating system.
  8. Click Submit to save the provisioning template.
  9. Create a host that is associated with the provisioning template or rebuild a host using the OS associated with the modified template. For more information, see Creating a Host in the Managing Hosts guide.

    The SSH keys of the Owned by user are added automatically when the create_users snippet is executed during the provisioning process. You can set Owned by to an individual user or a user group. If you set Owned by to a user group, the SSH keys of all users in the user group are added automatically.

3.6. Creating Operating Systems

An operating system is a collection of resources that define how the Satellite Server installs a base operating system on a host. Operating system entries combine previously defined resources, such as installation media, partition tables, provisioning templates, and others.

Importing operating systems from Red Hat’s CDN creates new entries in the Hosts > Operating Systems page. Users can also add custom operating systems using the following procedure:

For Web UI Users

Navigate to Hosts > Operating systems and click New Operating system. The UI provides a set of fields where you can input details for the operating system:

  • In the Operating System tab:

    • Name - A plain text name to represent the operating system entry.
    • Major version - The number corresponding to the major version of the operating system.
    • Minor version - The number corresponding to the minor version of the operating system.
    • Description - A text field for the operating system’s description.
    • Family - The operating system family to categorize the new operating system.
    • Root password hash - The encoding method for the root password.
    • Architectures - Select the architectures the operating system uses. Create additional architectures in the Hosts > Architectures menu.
  • In the Partition table tab:

    • Select the possible partition tables that apply to this operating system.
  • In the Installation media tab:

  • In the Templates tab:

    • You must select a PXELinux template, a Provisioning template, and a Finish template for your operating system to use.
    • You can select other templates, for example an iPXE template, if you plan to use iPXE for provisioning.

Click Submit to save your operating system entry.

For CLI Users

Create the operating system using the hammer os create command:

# hammer os create --name "MyOS" \
--description "My custom operating system" \
--major 7 --minor 3 --family "Redhat" --architectures "x86_64" \
--partition-tables "My Partition" --media "Red Hat" \
--provisioning-templates "My Provisioning Template"

Note the following:

  • We use the resources created in previous sections in this example: installation media, partition tables, and provisioning templates.
  • Operating systems do not have a provisioning context. Only the resources that form an operating system have a provisioning context.

3.7. Creating Compute Profiles

Compute profiles are used in conjunction with compute resources, such as virtualization infrastructure and cloud providers. Compute profiles allow users to predefine hardware such as CPUs, memory, and storage. A default installation of Red Hat Satellite 6 contains three predefined profiles:

  • 1-Small
  • 2-Medium
  • 3-Large

For our example, we create a fourth profile called 4-Example.

For Web UI Users

Navigate to Infrastructure > Compute profiles, which displays a list of existing profiles. Click New Compute Profile.

Enter the Name of the profile (for example 4-Example) and click Submit.

For CLI Users

The compute profile CLI commands are not yet implemented in Red Hat Satellite 6.3.

3.8. Creating an Activation Key

Before creating new hosts, it is recommended to have an activation key. This activation key is used to register systems in the provisioning scenarios. For the scenarios in this guide, the aim is to create an example activation key to attach subscriptions and repositories from the Content Management Guide.

For Web UI Users

Navigate to Content > Activation keys and click Create Activation Key. Provide the activation key with the following information:

  • Name - The name of the activation key. We use this name during the system registration process. Enter example.
  • Content Host Limit - The number of systems the Satellite Server allows to register for this activation key. Select Unlimited Content Hosts.
  • Description - A plain text description for the activation key. Enter Example activation key.
  • Environment - The environment to use. Select Production.
  • Content View - The Content View (and, by extension, the repository) in the environment to use. Select Base.

Click Save. The activation key details screen displays.

Now we must define which products to attach and repositories to enable upon registration. Navigate to the Subscriptions tab. An empty subscription listing appears. Click Add, select the Red Hat Enterprise Linux subscription, and click Add Selected.

Note

The Auto-Attach option is enabled by default. When auto-attach is enabled on an activation key and there are subscriptions associated with the key, the subscription management service selects and attaches the best-matched associated subscriptions based on a set of criteria. You can enable auto-attach and have no subscriptions associated with the key. This type of key is commonly used to register virtual machines when you do not want the virtual machine to consume a RHEL subscription but to inherit a RHEL Virtual Data Center (VDC) subscription from the hypervisor. If auto-attach is disabled, the subscription management service will attempt to attach all associated subscriptions during host registration. If any of the subscriptions cannot be attached, host registration will fail.

Navigate to the Product Content page. This displays all the repositories associated with the activation key’s products. By default, the Satellite Server only enables:

  • The repository that best matches the system requirements. In this case, it is only the Red Hat Enterprise Linux 7 Server RPMs.
  • Any custom content.

Our scenario should have the following defaults set:

Red Hat Enterprise Linux Server:

  • Red Hat Enterprise Linux 7 Server (Kickstart) - Enabled: No (Default)
  • Red Hat Satellite Tools 6.3 (for RHEL 7 Server) (RPMs) - Enabled: No (Default)
  • Red Hat Enterprise Linux 7 Server (RPMs) - Enabled: Yes (Default)

Enable the Red Hat Satellite Tools 6.3 repository because that contains the configuration tools (such as katello-agent and puppet). Change it to the following:

  • Red Hat Satellite Tools 6.3 (for RHEL 7 Server) (RPMs) - Enabled: Override to Yes

Click Save.

For CLI Users

Create the activation key:

# hammer activation-key create --name "example" \
--unlimited-hosts true --description "Example activation key" \
--lifecycle-environment "Production" --content-view "Base"  \
--organization "ACME"

Obtain a list of your subscription IDs:

# hammer subscription list --organization "ACME"

Attach the Red Hat Enterprise Linux subscription UUID to the activation key:

# hammer activation-key add-subscription --name "example" \
--subscription-id ff808181533518d50152354246e901aa \
--organization "ACME"

List the product content associated with the activation key:

# hammer activation-key product-content --name "example" \
--organization "ACME"

Override the default auto-enable status for the Red Hat Satellite Tools 6.3 repository. The default status is set to disabled. This command enables it:

# hammer activation-key content-override --name "example" \
--content-label rhel-7-server-satellite-tools-6.3-rpms \
--value 1 --organization "ACME"

The example activation key is ready for registering our provisioned systems.

3.9. Setting a Default Encrypted Root Password for Hosts

If you do not want to set a plain text default root password for the hosts that you provision, you can use a default encrypted password.

To set a default encrypted password for your hosts, complete the following steps:

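  1. Generate an encrypted password. You can use the following command to generate a password. The single-argument crypt.crypt() call needs Python 3.3 to 3.12; the crypt module was removed in Python 3.13:

    python3 -c 'import crypt,getpass;pw=getpass.getpass(); print(crypt.crypt(pw)) if (pw==getpass.getpass("Confirm: ")) else exit()'
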
  2. Copy the password for later use.
  3. In the Satellite web UI, navigate to Administer > Settings.
  4. On the Settings page, select the Provisioning tab.
  5. In the Name column, navigate to Root password, and click Click to edit.
  6. Paste the encrypted password that you generate, and click Save.
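
One way to check the string before pasting it into the Root password setting, as an added example that is not part of the Satellite documentation or tooling. check_root_hash and is_b64 are hypothetical helpers, the sample inputs are constructed (they are not real hashes), and accepting only SHA-256 and SHA-512 crypt strings is this example's own policy:

```sh
#!/bin/sh
# Added example: classify a candidate value for the "Root password" setting
# so that a plaintext password or a weak/truncated hash is caught early.

# is_b64 STR MIN MAX: STR uses only the crypt(3) alphabet, MIN <= length <= MAX
is_b64() {
    case $1 in
        ''|*[!./0-9A-Za-z]*) return 1 ;;
    esac
    [ "${#1}" -ge "$2" ] && [ "${#1}" -le "$3" ]
}

# check_root_hash STRING
# Prints sha512, sha256, weak-md5, unknown-scheme, plaintext or malformed.
# Exit status is 0 only for sha512 and sha256.
# The body runs in a subshell so IFS and "set -f" do not leak to the caller.
check_root_hash() (
    LC_ALL=C; set -f; IFS='$'
    case $1 in
        '$'*) ;;
        *) echo plaintext; exit 1 ;;
    esac
    set -- $1                 # "$id$salt$hash" splits into: "" id salt hash
    id=${2:-}
    if [ $# -eq 5 ]; then
        # SHA-crypt allows an optional "rounds=N" field before the salt.
        case $id:$3 in
            [56]:rounds=|[56]:rounds=*[!0-9]*) echo malformed; exit 1 ;;
            [56]:rounds=*) salt=$4; hash=$5 ;;
            *) echo malformed; exit 1 ;;
        esac
    elif [ $# -eq 4 ]; then
        salt=$3; hash=$4
    else
        echo malformed; exit 1
    fi
    # Expected digest length and maximum salt length per scheme id.
    case $id in
        6) len=86; maxsalt=16; name=sha512 ;;
        5) len=43; maxsalt=16; name=sha256 ;;
        1) len=22; maxsalt=8;  name=weak-md5 ;;
        *) echo unknown-scheme; exit 1 ;;
    esac
    if is_b64 "$salt" 1 "$maxsalt" && is_b64 "$hash" "$len" "$len"; then
        echo "$name"
        [ "$name" != weak-md5 ]
    else
        echo malformed; exit 1
    fi
)

# Constructed inputs: a correctly shaped SHA-512 string, a plaintext
# password, and an MD5-crypt string.
for candidate in \
    "\$6\$constructedsalt\$$(printf '%086d' 0)" \
    'Password123' \
    "\$1\$saltsalt\$$(printf '%022d' 0)"
do
    printf '%-10s %.24s\n' "$(check_root_hash "$candidate")" "$candidate"
done
```
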

3.10. Creating Third Party Installation Media

Installation media are sources of files the Satellite Server uses to install a third-party base operating system on a machine. Installation media must be in the format of an operating system installation tree, and must be accessible to the machine hosting the installer through an HTTP URL. Available installation media appear in the Hosts > Installation Media menu.

For other installation media, for example, a locally mounted ISO image, users can add their own custom media paths using the following procedure:

For Web UI Users

Navigate to Hosts > Installation Media and click New Medium. The UI provides a set of fields where you can input details for the installation medium:

  • Name - A name to represent the installation media entry in the user interface.
  • Path - The URL or NFS share containing the installation tree. The following variables can be used in the path to represent multiple different system architectures and versions:

    • $arch - The system architecture, for example x86_64.
    • $version - The operating system version, for example 7.2.
    • $major - The operating system major version, for example 7.
    • $minor - The operating system minor version, for example 2.

      Example HTTP path:

      http://download.example.com/centos/$version/Server/$arch/os/

      Example NFS path:

      nfs://download.example.com:/centos/$version/Server/$arch/os/

      Note

      Synchronized content on Capsule Servers always uses an HTTP path. Capsule Server managed content does not support NFS paths.

  • Operating system family - The distribution or family of the medium. For example, CentOS, and Fedora would be in the Red Hat family.

The Satellite Server adds the installation medium to the current provisioning context. You can select additional contexts from the Organizations and Locations tabs, which will help with future debugging.

Click Submit to save your installation medium.

For CLI Users

Create the installation medium using the hammer medium create command:

# hammer medium create --name "CustomOS" --os-family "Redhat" \
--path 'http://download.example.com/centos/$version/Server/$arch/os/' \
--organizations "ACME" --locations "New York"
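
A pre-check for the path template before it is passed to hammer medium create, as an added example that is not part of the Satellite documentation or tooling. check_medium_path is a hypothetical helper, and the plain string substitution it performs is an assumption about how the four documented variables are expanded:

```sh
#!/bin/sh
# Added example: validate an installation medium path template and show
# what it looks like for one operating system.

# check_medium_path TEMPLATE ARCH MAJOR MINOR   (hypothetical helper)
# Prints the expanded path; returns 1 and explains on stderr if the
# template is not usable.
check_medium_path() (
    tpl=$1 arch=$2 major=$3 minor=$4

    # These values are substituted into sed below, so keep them simple.
    case $arch in
        ''|*[!A-Za-z0-9_]*) echo "bad architecture: $arch" >&2; exit 1 ;;
    esac
    for n in "$major" "$minor"; do
        case $n in
            ''|*[!0-9]*) echo "version parts must be numeric" >&2; exit 1 ;;
        esac
    done

    # The page documents an HTTP URL or an NFS share.
    case $tpl in
        http://*|nfs://*) ;;
        *) echo "unsupported scheme: $tpl" >&2; exit 1 ;;
    esac

    # "//" after the scheme means a variable already expanded to nothing,
    # which is what the shell does to a double-quoted path with unset
    # $version or $arch before hammer ever sees it.
    case ${tpl#*://} in
        *//*) echo "empty path segment: $tpl" >&2; exit 1 ;;
    esac

    # Only $arch, $version, $major and $minor are documented variables.
    leftover=$(printf '%s\n' "$tpl" | sed -e 's/\$arch//g' \
        -e 's/\$version//g' -e 's/\$major//g' -e 's/\$minor//g')
    case $leftover in
        *'$'*) echo "unknown variable in: $tpl" >&2; exit 1 ;;
    esac

    printf '%s\n' "$tpl" | sed \
        -e 's/\$arch/'"$arch"'/g' \
        -e 's/\$version/'"$major.$minor"'/g' \
        -e 's/\$major/'"$major"'/g' \
        -e 's/\$minor/'"$minor"'/g'
)

# Single quotes keep the variables literal, as in the hammer command above.
check_medium_path \
    'http://download.example.com/centos/$version/Server/$arch/os/' x86_64 7 2

# The same path after the shell has swallowed the variables: rejected.
check_medium_path \
    'http://download.example.com/centos//Server//os/' x86_64 7 2 \
    || echo "rejected"
```
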

3.11. Using noVNC to Access Virtual Machines

You can use your browser to access the VNC console of VMs created by Satellite.

Satellite supports using noVNC on the following virtualization platforms:

  • VMware
  • Libvirt
  • RHV

Use the following procedure to configure your virtualization platform and browser to enable the use of the noVNC console.

Prerequisites

  • You must have a virtual machine created by Satellite.
  • For existing virtual machines, ensure that the Display type in the Compute Resource settings is VNC.
  • You must import the Katello root CA certificate into your Satellite Server. Adding a security exception in the browser is not enough for using noVNC. For more information, see the Installing the Katello Root CA Certificate section in the Administering Red Hat Satellite guide.

Procedure

  1. On the VM host system, configure the firewall to allow VNC service on ports 5900 to 5930:

    • On Red Hat Enterprise Linux 6:

      # iptables -A INPUT -p tcp --dport 5900:5930 -j ACCEPT
      # service iptables save

    • On Red Hat Enterprise Linux 7:

      # firewall-cmd --add-port=5900-5930/tcp
      # firewall-cmd --add-port=5900-5930/tcp --permanent

  2. In the Satellite web UI, navigate to Infrastructure > Compute Resources and select the name of a compute resource.
  3. In the Virtual Machines tab, select the name of a VM host. Ensure the machine is powered on and then select Console.

3.12. Chapter Summary

In this chapter, we examined the resources used for provisioning new hosts. This includes installation media, partition tables, provisioning templates, compute profiles, and activation keys. Future scenarios in this guide show how to apply these resources to the host provisioning process.

The next chapter looks at configuring our network infrastructures for provisioning.