Chapter 2. Capsule Server Overview
Capsule Servers provide content federation and run localized services to discover, provision, control, and configure hosts. You can use Capsules to extend the Satellite deployment to various geographical locations. This section contains an overview of features that can be enabled on Capsules as well as their simple classification.
For more information about Capsule requirements, installation process, and scalability considerations, see Installing Capsule Server.
2.1. Capsule Features
There are two sets of features provided by Capsule Servers. You can use Capsule to run services required for host management. You can also configure Capsule to mirror content from Satellite Server.
Infrastructure and host management services:
- DHCP – Capsule can act as a DHCP server or it can integrate with an existing solution, including ISC DHCP servers, Active Directory, and Libvirt instances.
- DNS – Capsule can act as a DNS server or it can integrate with an existing solution, including ISC BIND and Active Directory.
- TFTP – Capsule can act as a TFTP server or integrate with any UNIX-based TFTP server.
- Realm – Capsule can manage Kerberos realms or domains so that hosts can join them automatically during provisioning. Capsule can integrate with an existing infrastructure, including Red Hat Identity Management and Active Directory.
- Puppet Master – Capsule can act as a configuration management server by running Puppet Master.
- Puppet Certificate Authority – Capsule can act as a Puppet CA to provide certificates to hosts.
- Baseboard Management Controller (BMC) – Capsule can provide power management for hosts.
- Provisioning template proxy – Capsule can serve provisioning templates to hosts.
- OpenSCAP – Capsule can perform security compliance scans on hosts.
Content related features:
- Repository synchronization – the content from the Satellite Server (more precisely from selected life cycle environments) is pulled to the Capsule Server for content delivery (enabled by Pulp).
- Content delivery – hosts configured to use the Capsule Server download content from that Capsule rather than from the central Satellite Server (enabled by Pulp).
- Host action delivery – Capsule Server executes scheduled actions on hosts.
- Red Hat Subscription Management (RHSM) proxy – hosts are registered to their associated Capsule Servers rather than to the central Satellite Server or the Red Hat Customer Portal (provided by Candlepin).
2.2. Capsule Types
Not all Capsule features have to be enabled at once. You can configure a Capsule Server for a specific limited purpose. Some common configurations include:
- Infrastructure Capsules [DNS + DHCP + TFTP] – provide infrastructure services for hosts. With provisioning template proxy enabled, infrastructure Capsule has all necessary services for provisioning new hosts.
- Content Capsules [Pulp] – provide content synchronized from the Satellite Server to hosts.
- Configuration Capsules [Pulp + Puppet + PuppetCA] – provide content and run configuration services for hosts.
- All-in-one Capsules [DNS + DHCP + TFTP + Pulp + Puppet + PuppetCA] – provide a full set of Capsule features. All-in-one Capsules enable host isolation by providing a single point of connection for managed hosts.
2.3. Capsule Networking
The goal of Capsule isolation is to provide a single endpoint for all of the host’s network communications, so that in remote network segments, you need only open firewall ports to the Capsule itself. The following diagram shows how the Satellite components interact in the scenario with hosts connecting to an isolated Capsule.
Figure 2.1. Satellite Topology with Isolated Capsule
The following diagram shows how the Satellite components interact when hosts connect directly to the Satellite Server. Note that as the base system of an external Capsule is a Client of the Satellite, this diagram is relevant even if you do not intend to have directly connected hosts.
Figure 2.2. Satellite Topology with Internal Capsule
The Ports and Firewalls Requirements in Installing Satellite Server from a Connected Network, Ports and Firewalls Requirements in Installing Satellite Server from a Disconnected Network and Ports and Firewalls Requirements in Installing Capsule Server contain complete instructions for configuring the host-based firewall to open the ports required.
A matrix table of ports is available in the Red Hat Knowledgebase solution Red Hat Satellite List of Network Ports.