Satellite 6.3 Feature Overview - Full Support for Running Satellite in AWS
As of the release of Satellite 6.3, Satellite 6 fully supports running in EC2. This document outlines the possible deployment scenarios to be used during the testing of Satellite 6.3.
Table of Contents
- Satellite Server and Capsule Server Deployment Scenarios
- Pre-Requisites
- Installing Satellite Server and Capsule Server
- Known Issues and Considerations
Satellite Server and Capsule Server Deployment Scenarios
Scenario 1: Satellite Server in AWS
This is the simplest configuration: Satellite Server runs in AWS and manages content hosts in the same region, though possibly in a different availability zone.
Scenario 2: Satellite Server On-Premise and Capsule Server in AWS
The recommended approach is to create a VPN connection between the on-premise location and the AWS region where the Capsule will reside; however, it is possible to use the external hostname, if available, of Satellite Server when registering the instance which will run Capsule Server.
Scenario 2 — Option 1: Site-to-Site VPN connection between the AWS region and the On-Premise Datacenter
Scenario 2 — Option 2: Direct connection using the External DNS hostname
Scenario 3: Satellite Server in AWS and Capsule Server in a different region
The recommended approach is to create a site-to-site VPN connection between the different regions so that the Internal DNS hostname can be used when registering the instance that will be running Capsule Server to the Satellite Server. If a site-to-site VPN connection is not established, then the External DNS hostname should be used when registering the instance that will be running Capsule Server to the Satellite Server.
Note that most Public Cloud Providers do not charge for data being transferred into a region, or between availability zones within a single region; however, they do charge for data leaving the region to the Internet. For more information, please reference Amazon EC2 Pricing.
Scenario 3 — Option 1: Site-to-Site VPN connection between AWS regions
Scenario 3 — Option 2: Direct connection using the External DNS hostname
Pre-Requisites
Red Hat Cloud Access
Red Hat Cloud Access makes it easy to migrate your current subscriptions for use on qualified Red Hat Certified Cloud and Service Providers. All benefits of your subscription transfer to the public cloud. That means you keep your direct relationship with Red Hat, including sales and our award-winning support.
Migrate Subscriptions with Cloud Access
- Go to the Cloud Access page and first check the eligibility requirements to ensure that the appropriate subscription type is available for enrollment.
- On the Cloud Access page, select the option to “Enroll Now” in the RED HAT GOLD IMAGE tab. Once completed, private AMIs will automatically be shared with the AWS account specified.
Image Import
There are different options for making Red Hat Enterprise Linux AMIs available in AWS including:
- Red Hat Gold Image
- After registering subscriptions with Cloud Access, the Red Hat Gold Images will be listed as Private images or Shared with me depending on which AWS interface is used to launch the instance. The Red Hat Gold Images will have the designation Access in the AMI Name. It is also possible to search for the Red Hat Gold Images based on Owner : 309956199498, optionally adding AMI Name : Access.
- VM Import/Export
- AWS Management Portal for vCenter
Satellite Server and Capsule Server Resource Requirements
Although any EC2 instance type which meets or exceeds the minimum requirements for Satellite Server or Capsule Server can be used, it is recommended to use Storage Optimized instance types to run Satellite Server and Capsule Server.
When adding storage to the instance to be used for Satellite Server and/or Capsule Server, at a minimum the volume where the synced content will be stored needs to be a separate EBS volume from the boot volume and mounted separately in the operating system. It can also be beneficial to separate other data, such as the mongodb directory, onto its own EBS volume, but that is not a hard requirement. The Satellite Server Installation Guide provides recommendations on the size that the volumes should be.
Satellite Server and Capsule Server Network Requirements
Typically a site-to-site VPN connection is established between the locations where Satellite Server and Capsule Server are running. If Satellite Server and Capsule Server will be communicating via External DNS hostnames, make sure to open the required ports for communication in the AWS Security Group associated with the instance if Satellite Server will be running in AWS or the hardware firewall if Satellite Server is deployed on-premise.
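When the External DNS hostname is used instead of a VPN, the Security Group is the only network control in front of Satellite Server, so its rules should name the Capsule and content host addresses rather than every address. The following check is an added example, not part of the original document: it reads output shaped like `aws ec2 describe-security-groups` and reports Satellite ports reachable from anywhere. The port list is an assumption taken from the Satellite installation guide rather than this page, the function name is hypothetical, and the sample data is constructed.

```python
import ipaddress
import json

# Assumption: Satellite 6 / Capsule TCP ports from the Satellite installation
# guide's port list (not stated on this page); adjust for your version.
SATELLITE_PORTS = {80, 443, 5646, 5647, 8000, 8140, 8443, 9090}

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0example1",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5646, "ToPort": 5647,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9090,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}]}
""")


def find_world_open_rules(groups, ports=SATELLITE_PORTS):
    """Return (group_id, cidr, ports) for Satellite ports reachable from any address."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":            # "all traffic" rule covers every port
                low, high = 0, 65535
            elif proto == "tcp":
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue                 # UDP/ICMP rules are out of scope here
            exposed = sorted(p for p in ports if low <= p <= high)
            if not exposed:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # A prefix length of 0 (0.0.0.0/0 or ::/0) means "anywhere".
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((sg["GroupId"], cidr, exposed))
    return findings


if __name__ == "__main__":
    for group_id, cidr, exposed in find_world_open_rules(SAMPLE):
        print(f"{group_id}: ports {exposed} open to {cidr}")
```

Each finding is a rule to narrow to the Elastic IP addresses of the Capsule Servers and content hosts that actually need to reach the instance.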
Installing Satellite Server and Capsule Server
Install Satellite Server
- Launch a Red Hat Enterprise Linux Instance in AWS
- Open the EC2 Management Console, open the AMIs page, and select a Red Hat Enterprise Linux AMI in the dashboard.
- If a Red Hat Gold Image is to be used, note that Gold Images are listed as Private images or Shared with me, depending on which AWS interface is used to launch the instance. The Red Hat Gold Images will have the designation Access in the AMI Name. It is also possible to search for the Red Hat Gold Images based on Owner : 309956199498, optionally adding AMI Name : Access.
- Launch an EC2 instance choosing an appropriate instance type which meets or exceeds the minimum resource requirements for Satellite Server.
- Associate an Elastic IP Address to the instance. Note: this step is only required if Capsule Server is also to be installed in AWS or if instances from different regions will be connecting to the Satellite Server and a site-to-site VPN is not configured.
- Connect to the newly created instance.
- If using the Red Hat Gold Image, the RHUI client needs to be removed and the product-id YUM plugin needs to be enabled:
  # yum -y remove rh-amazon-rhui-client*
  # yum clean all
  # cat << EOF > /etc/yum/pluginconf.d/product-id.conf
  > [main]
  > enabled=1
  > EOF
- Install Satellite Server by following the Quick Start Guide or Installation Guide. For additional information regarding the installation and administration of Satellite Server, please reference the Satellite Server documentation.
- When creating the manifest, make sure to only attach subscriptions which are eligible for Cloud Access. Eligibility can be checked by visiting the Cloud Access page.
- If the Satellite Server version is 6.2.3 or newer, Lazy Sync can be leveraged to help reduce the storage footprint of the RHEL instance hosting Satellite Server. When the download policy is set to On-Demand, content is only synced to the Satellite Server when it is requested by a content host.
Install Capsule Server
- Launch a Red Hat Enterprise Linux Instance in AWS
- Open the EC2 Management Console and select a Red Hat Enterprise Linux AMI in the dashboard.
- If a Red Hat Gold Image is to be used, note that Gold Images are listed as Private images or Shared with me, depending on which AWS interface is used to launch the instance. The Red Hat Gold Images will have the designation Access in the AMI Name. It is also possible to search for the Red Hat Gold Images based on Owner : 309956199498, optionally adding AMI Name : Access.
- Launch an EC2 instance choosing an appropriate instance type which meets or exceeds the minimum resource requirements for Satellite Server.
- Associate an Elastic IP Address to the instance. Note: this step is only required if a site-to-site VPN connection is not established between the locations where Satellite Server and Capsule Server are installed or if instances will be connecting to Capsule Server in a different location without access to the Internal DNS hostname of the Capsule Server.
- Connect to the newly created instance.
- Register the EC2 Instance to the Satellite Server.
- Install Capsule Server by following the Installation Guide. Note: make sure to open the required ports on the Capsule Server.
- If Capsule Server will be connecting to a previously installed and configured, on-premise Satellite Server, make sure that the manifest used only contains subscriptions which are eligible for Cloud Access. Eligibility can be checked by visiting the Cloud Access page. If required, multiple manifests can be leveraged by creating additional organizations within Satellite Server and importing the additional manifest to the organization.
- If the Capsule Server version is 6.2.3 or newer, Lazy Sync can be leveraged to help reduce the storage footprint of the RHEL instance hosting Capsule Server. When the download policy is set to On-Demand, content is only synced to the Capsule Server when it is requested by a content host.
- Repeat steps 1 through 4 for any additional EC2 regions and/or availability zones where it is desired to run a Capsule Server.
Register Content Hosts and Install the Katello Agent
After installing and configuring the Satellite Server and Capsule Server(s), connect to the desired EC2 instance which will be managed by the Satellite Server or Capsule Server.
The recommended method of registering the instance to Satellite Server or Capsule Server is using the bootstrap script if the Satellite Server or Capsule Server version is 6.2 or newer. The bootstrap script will remove the RHUI client, if installed, from the instance and register it to the Satellite Server or Capsule Server.
If the bootstrap script is not used, the following steps will register the instance to the Satellite Server or Capsule Server:
- If using the Red Hat Gold Image, the RHUI client needs to be removed and the product-id YUM plugin needs to be enabled:
  # yum -y remove rh-amazon-rhui-client*
  # yum clean all
  # cat << EOF > /etc/yum/pluginconf.d/product-id.conf
  > [main]
  > enabled=1
  > EOF
- Register the EC2 instance to the Satellite Server or Capsule Server. Note: the External DNS hostname of the Satellite Server should be used when installing the CA Cert RPM if a site-to-site VPN is not configured, otherwise use the Internal DNS hostname.
- Install the Katello Agent.
Known Issues and Considerations
Subscriptions
Not all subscriptions are eligible to run in public cloud environments. Subscription eligibility can be checked by visiting the Cloud Access page. If required, multiple manifests can be leveraged by creating additional organizations within Satellite Server and importing the additional manifest to the organization.
Use-Cases Known to Work
- Subscription Management
- Content Management
- Errata Management
- Configuration Management
- Red Hat Insights
- Container Management
- Realm Integration via IdM
- Security Compliance Management
- Remote Execution
Use-Cases Known to Work with Additional Configuration
Multi-Homed Satellite/Capsule
Leveraging Satellite using multiple interfaces with distinct hostnames requires additional configuration of the Satellite Server and Satellite Capsule Server CA certificates. Please contact Red Hat if you wish to deploy Satellite in this configuration.
Note that this is a requirement when the Satellite Server and/or Capsule Server has different Internal and External DNS hostnames and a site-to-site VPN connection is not established between the locations where Satellite Server and Capsule Server are deployed.
Lazy Sync
Lazy Sync can be leveraged with Satellite Server and/or Capsule Server versions 6.2.3 or newer to help reduce the storage footprint of the RHEL instance hosting Satellite Server and/or Capsule Server. When the download policy is set to On-Demand, content is only synced to the Satellite Server or Capsule Server when it is requested by a content host.
Use-Cases Known to not Work
As most cloud providers use image-based deployment models, most of Satellite Server’s kickstart and PXE provisioning models are unusable. This includes:
- PXE Provisioning will not work as many cloud providers do not allow customers to control DHCP
- Discovery and Discovery Rules
- ISO Provisioning methods
- PXE-Less Discovery (iPXE)
- Per-host ISO
- Generic ISO
- Full-host ISO