Red Hat Training

A Red Hat training course is available for Red Hat Satellite

Chapter 2. Managing Organizations

Organizations divide Red Hat Satellite 6 resources into logical groups based on ownership, purpose, content, security level, or other divisions. You can create and manage multiple organizations through Red Hat Satellite 6, then divide and assign your Red Hat subscriptions to each individual organization. This provides a method of managing the content of several individual organizations under one management system. Here are some examples of organization management:

Single Organization
A small business with a simple system administration chain. In this case, we create a single organization for the business and assign content to it.
Multiple Organizations
A large company that owns several smaller business units. For example, a company with separate system administration and software development groups. In this case, we create organizations for the company and each of the business units it owns. This keeps the system infrastructure for each separate. We then assign content to each organization based on their needs.
External Organizations
A company that manages external systems for other organizations. For example, a company offering cloud computing and web hosting resources to customers. In this case, we might create an organization for the company’s own system infrastructure and then an organization for each external business. We then assign content to each organization where necessary.

A default installation of Red Hat Satellite 6 provides a default organization called Default_Organization.

Important

If a new user is not assigned a default organization their access is limited. To grant systems rights to users, assign them to a default organization and have them log out and log back in again.

2.1. Creating an Organization

For Web UI Users

  1. Navigate to Administer > Organizations.
  2. Click New Organization.
  3. Provide the base details for the organization:

    • Name - A plain text name for the organization.
    • Label - A unique identifier for the organization. This is used for creating and mapping certain assets, such as directories for content storage. Use letters, numbers, underscores, and dashes, but no spaces.
    • Description - An optional plain text description for the organization.
  4. Click Submit.

    • If you have hosts with no organization assigned, you are redirected to the Select Hosts tab. Select between three variants of assigning hosts to the organization:

      • Assign All to assign all hosts with no organization assigned.
      • Manually Assign to select which hosts to assign to the organization.
      • Proceed to Edit to move to the Edit Properties page without assigning hosts to the organization
    • If you do not have hosts with no organization assigned, you are redirected to the Edit page, where you can assign infrastructure resources to the organization. This includes networking resources, installation media, kickstart templates, and other parameters. You can return to this page at any time by navigating to Administer > Organizations and then selecting an organization to edit.
  5. After completing your organization creation, click Submit.

For CLI Users

Enter the following command to create an organization:

# hammer organization create \
--name "your_organization_name" \
--label "your_organization_label \
--description "your_organization_description"

2.2. Setting the Organization Context

An organization context defines the organization to use for a host and its associated resources.

For Web UI Users

The organization menu is the first menu item in the menu bar, on the upper left of the Satellite web UI. If you have not selected a current organization, the menu says Any Organization. Click the Any Organization button and select the organization to use.

For CLI Users

While using the CLI, include either --organization "your_organization_name" or --organization-label "your_organization_label" as an option. For example:

# hammer subscription list --organization "Default_Organization"

This command outputs subscriptions allocated for the Default_Organization.

2.3. Creating an Organization Debug Certificate

To Create a New Organization Debug Certificate:

  1. Navigate to Administer > Organizations.
  2. Select an organization for which you want to generate a debug certificate.
  3. Click Generate and Download. This generates a debug certificate.
  4. Save the certificate file in a secure location.
Note

Debug Certificates are automatically generated for provisioning template downloads if they do not already exist in the organization for which they are being downloaded.

2.4. Using an Organization Debug Certificate

You can view an organization’s repository content using a browser or using the API if you have a debug certificate for that organization. The previous section describes creating and downloading the certificate which is in the X.509 format. To use a browser you must first convert the X.509 certificate to a format your browser supports and then import the certificate. The curl utility only requires extracting the certificate and key into separate files.

To Use an Organization Debug Certificate in Firefox.

  1. Create and download an organization certificate as described in Section 2.3, “Creating an Organization Debug Certificate”.
  2. Open the X.509 certificate, for example, for the default organization:

    $ vi 'Default Organization-key-cert.pem'
  3. Copy the contents of the file from: -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- inclusive, into a file called key.pem.
  4. Copy the contents of the file from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- inclusive, into a file called cert.pem.
  5. Enter a command as follows to create a PKCS12 format certificate and enter a password or phrase when prompted:

    $ openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.pem -inkey key.pem -out organization_label.pfx -name organization_name
    Enter Export Password:
    Verifying - Enter Export Password:
  6. Using the preferences tab, import the resulting pfx file into your browser: Navigate to Edit > Preferences > Advanced Tab. Select View Certificates in the Certificates view to open the Certificate Manager. On the Your Certificates tab, click Import and select the pfx file to load. You are prompted for the password or phrase used when making the certificate.
  7. Enter a URL in the following format into your browser’s address bar to begin browsing for repositories:

    http://satellite.example.com/pulp/repos/organization_label

    Pulp uses the organization label so the URL must use the organization label too.

To Use an Organization Debug Certificate with Curl:

  1. Create and download an organization certificate as described in Section 2.3, “Creating an Organization Debug Certificate”
  2. Open the X.509 certificate, for example, for the default organization:

    $ vi 'Default Organization-key-cert.pem'
  3. Copy the contents of the file from: -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- inclusive, into a file called key.pem.
  4. Copy the contents of the file from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- inclusive, into a file called cert.pem.
  5. Find a valid URL for a repository. You can use the browsing method described in the previous procedure or use the web UI. For example, using the web UI, navigate to Content > Products and select a Product by name. On the Repositories tab, select a repository by name and look for the Published At entry.
  6. To use curl to access a repository, enter the following command:

    $ curl -k --cert cert.pem --key key.pem http://satellite.example.com/pulp/repos/Default_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-tools/6.4/os/

    Ensure the paths to cert.pem and key.pem are the correct absolute paths otherwise the command fails silently.

2.5. Deleting an Organization

You can delete an organization if the organization is not associated with any life cycle environments or host groups. If there are any life cycle environments or host groups associated with the organization you are about to delete, remove them by navigating to Administer > Organizations and clicking the relevant organization. It is not recommended to delete the default organization created during installation because the default organization is a placeholder for any unassociated hosts in the Satellite environment. There must be at least one organization in the environment in any given time.

For Web UI Users

  1. Navigate to Administer > Organizations.
  2. Select Delete from the list to the right of the name of the organization you want to delete.
  3. Click OK to delete the organization.

For CLI Users

Enter the following command to delete an organization:

# hammer organization delete --organization "your_organization_name"