第1章 Introduction to Red Hat Satellite
Red Hat Satellite is a system management solution that enables you to deploy, configure, and maintain your systems across physical, virtual, and cloud environments. Satellite provides provisioning, remote management and monitoring of multiple Red Hat Enterprise Linux deployments with a single, centralized tool. Red Hat Satellite Server synchronizes the content from Red Hat Customer Portal and other sources, and provides functionality including fine-grained life cycle management, user and group role-based access control, integrated subscription management, as well as advanced GUI, CLI, or API access.
Red Hat Satellite Capsule Server mirrors content from Red Hat Satellite Server to facilitate content federation across various geographical locations. Host systems can pull content and configuration from the Capsule Server in their location and not from the central Satellite Server. The Capsule Server also provides localized services such as Puppet Master, DHCP, DNS, or TFTP. Capsule Servers assist you in scaling your Satellite environment as the number of your managed systems increases.
Capsule Servers decrease the load on the central server, increase redundancy, and reduce bandwidth usage. For more information, see 2章Capsule Server Overview.
1.1. System Architecture
The following diagram represents the high-level architecture of Red Hat Satellite.
図1.1 Red Hat Satellite System Architecture
There are four stages through which content flows in this architecture:
- External Content Sources
- The Red Hat Satellite Server can consume diverse types of content from various sources. The Red Hat Customer Portal is the primary source of software packages, errata, Puppet modules, and container images. In addition, you can use other supported content sources (Git repositories, Docker Hub, Puppet Forge, SCAP repositories) as well as your organization’s internal data store.
- Red Hat Satellite Server
The Red Hat Satellite Server enables you to plan and manage the content life cycle and the configuration of Capsule Servers and hosts through GUI, CLI, or API.
The Satellite Server organizes the life cycle management by using organizations as principal division units. Organizations isolate content for groups of hosts with specific requirements and administration tasks. For example, the OS build team can use a different organization than the web development team.
The Satellite Server also contains a fine-grained authentication system to provide Satellite operators with permissions to access precisely the parts of the infrastructure that lie in their area of responsibility.
- Capsule Servers
Capsule Servers mirror content from the Satellite Server to establish content sources in various geographical locations. This enables host systems to pull content and configuration from the Capsule Servers in their location and not from the central Satellite Server. The recommended minimum number of Capsule Servers is therefore given by the number of geographic regions where the organization that uses Satellite operates.
Using Content Views, you can specify the exact subset of content that the Capsule Server makes available to hosts. See 図1.2「Content Life Cycle in Red Hat Satellite」 for a closer look at life cycle management with the use of Content Views.
The communication between managed hosts and the Satellite Server is routed through the Capsule Server that can also manage multiple services on behalf of hosts. Many of these services use dedicated network ports, but the Capsule Server ensures that a single source IP address is used for all communications from the host to the Satellite Server, which simplifies firewall administration. For more information on Capsule Servers see 2章Capsule Server Overview.
- Managed Hosts
- Hosts are the recipients of content from Capsule Servers. Hosts can be either physical or virtual. The Satellite Server can have directly managed hosts. The base system running a Capsule Server is also a managed host of the Satellite Server.
The following diagram provides a closer look at the distribution of content from the Satellite Server to Capsules.
図1.2 Content Life Cycle in Red Hat Satellite
By default, each organization has a Library of content from external sources. Content Views are subsets of content from the Library created by intelligent filtering. You can publish and promote Content Views into life cycle environments (typically Dev, QA, and Production). When creating a Capsule Server, you can choose which life cycle environments will be copied to that Capsule and made available to managed hosts.
Content Views can be combined to create Composite Content Views. It can be beneficial to have a separate Content View for a repository of packages required by an operating system and a separate one for a repository of packages required by an application. One advantage is that any updates to packages in one repository only requires republishing the relevant Content View. You can then use Composite Content Views to combine published Content Views for ease of management.
Which Content Views should be promoted to which Capsule Server depends on the Capsule’s intended functionality. Any Capsule Server can run DNS, DHCP, and TFTP as infrastructure services that can be supplemented, for example, with content or configuration services.
You can update the Capsule Server by creating a new version of a Content View using synchronized content from the Library. The new Content View version is then promoted through life cycle environments. You can also create in-place updates of Content Views. This means creating a minor version of the Content View in its current life cycle environment without promoting it from the Library. For example, if you need to apply a security erratum to a Content View used in Production, you can update the Content View directly without promoting to other life cycles. For more information on content management see the Content Management Guide.
