Redhat Satellite and Capsule Installation and Configuration

Introduction

Red Hat Satellite is a system management solution that enables users to manage the patching, provisioning and configuration of their servers. It provides a centralized platform for managing software updates, security patches, and configurations for Red Hat Enterprise Linux (RHEL) server infrastructure. On the other hand, Capsule Server is an add-on to Satellite which helps in extending the reach of Satellite to manage content across geographically distributed locations.

Benefits of Red Hat Satellite and Capsule
1. Centralized Management
Satellite provides a single point of control, allowing IT teams to manage software updates, security patches, and configurations of all systems from a central location, thereby reducing complexity and improving efficiency.

2. Improved Security
With automated patch management capabilities, Red Hat Satellite can help organizations achieve compliance with industry standards and reduce the risk of security breaches.

3. Increased Uptime
By streamlining patching processes, Red Hat Satellite helps keep systems up-to-date and minimizes downtime caused by unexpected issues.

4. Reduced Costs
Automating manual tasks leads to improved accuracy and reduced costs associated with IT operations and maintenance.

5. Scalability
Capsule Server helps extend the reach of Satellite to additional locations, making it possible to manage systems anywhere in the world from a single console.

Basic steps involved in Red Hat Satellite workflow:

Initial Configuration: After installing and configuring Red Hat Satellite Server, you need to register it with Red Hat Subscription Management to access software entitlements. You also need to configure basic settings such as organization, locations, and content views.

Content Management: Red Hat Satellite offers a central interface to manage software content that includes RPM packages, errata, and kickstartable ISO files. Create or import custom channels or repositories and synchronize them with upstream repositories to ensure that your systems have the latest packages.

Host Registration: To manage your systems with Red Hat Satellite, you first need to register them. Register hosts either through Red Hat Subscription Manager, bootstrap script or manually via the web interface.

Provisioning: Use Red Hat Satellite to provision new systems using kickstart files or PXE boot. Define host groups for different types of systems or roles, and assign them the appropriate kickstart files and specific configurations.

Configuration Management: Once the systems are up and running, you can automate their configuration management by defining and applying Puppet classes, which consist of predefined configuration modules.

Software Updates: Keep your systems secure and stable by monitoring them for security vulnerabilities and software updates available for installed packages. Remediate any issues that appear.

Reporting and Monitoring: Red Hat Satellite provides various reports to help you track systems’ inventory, errata status, package profiles, system registration, and more. Configure monitoring and alerting on system-level and events occurring within your Satellite infrastructure to anticipate and resolve potential issues quickly.

These are the high-level steps involved in the Red Hat Satellite workflow, but there are many other features and advanced capabilities that can be utilized to streamline system administration across your environment.

The key components of Red Hat Satellite include the following:

1. Red Hat Satellite Server: This central component provides the web interface and API for managing your infrastructure. It contains all necessary data relating to synchronization, content views, host groups, and system management.
2. Capsule Server: Capsule servers act as proxies for the main Red Hat Satellite server, allowing clients to connect to them instead of directly connecting to the main server. Capsules provide load balancing, serving as intelligent nodes for connected clients, and can also be used as local repositories for software updates.
3. Content Delivery Network (CDN): This is a Red Hat service that provides software package distribution, enabling access to Red Hat Enterprise Linux installation media, patch sets, and other content. Red Hat Satellite synchronizes its repository metadata with the CDN to offer cloned repositories containing custom content.
4. Subscription Manager: Subscription Manager is a client-side tool that manages the software subscriptions of a Red Hat system. Hosts registered to Red Hat Satellite utilize Subscription Manager to install, update, or remove software packages.
5. Puppet Modules: Red Hat Satellite includes Puppet modules that are designed to complement the Puppet master. These predefined modules define and configure agents' attributes, such as software sources, system configurations, user management, and more.
6. Katello: Katello is a core feature of Red Hat Satellite that integrates many components into one cohesive unit. It manages the lifecycle of software environments, including content creation, organization and environment management, and configuration management via Puppet
7. Foreman: Foreman is an open-source software management tool that provides provisioning, configuration, and monitoring capabilities in addition to Red Hat Satellite. Red Hat Satellite uses Foreman for orchestration of system tasks.

These components work together to allow you to manage your Red Hat infrastructure more efficiently, with centralized and automated configuration management, package distribution, provisioning, monitoring, and reporting.

Prerequisites
Before starting with the installation process, ensure that you have the following:

Hardware requirement
• 64bit system
• Min 4 core recommended 8 core CPU
• Min 16 GB of RAM 32GB recommended
• Network Card
• 100 GB Disk.

Software requirement
• RHEL 7.5 with base package installation.
• 1 Redhat Satellite and 3 Redhat Capsule subscription.
• Redhat Satellite software.

To ensure proper communication between Red Hat Satellite and Capsule Server, you need to configure the firewall rules to allow specific ports for different services. Here are the ports that need to be open on the firewall for Red Hat Satellite and Capsule:

1. Red Hat Satellite Server Ports:

• TCP Port 80 and 443 – For HTTP and HTTPS traffic respectively.
• TCP Port 5671 – For communicating with AMQP broker.
• TCP Port 22 – For SSH traffic. Needed only if Remote Execution feature is enabled
• TCP Port 69, 67, 4011 – For provisioning PXE boot loader.

2. Capsule Server Ports:

• TCP Port 80 and 443 - For HTTP and HTTPS traffic respectively. 
• TCP Port 5647 - Capsule Registration.
•  TCP Port 5646 - Capsule Listener. 
• TCP Port 8140 - Puppet agent requests from clients.
• TCP Port 9090 - Capsule provisioning.

Storage configuration is recommended for this Satellite Server system:

• At least 6 GB of storage reserved for the base operating system.
• An additional 2 GB allocated for the Red Hat Satellite 6 software installation.
• At least 1 MB of storage allocated for /var/cache/pulp.
• Another minimum of 1 MB of storage allocated for /var/lib/pulp.
• At least 2 MB of storage allocated in /var/lib/qpidd per each content host to be registered with Satellite Server.
• A minimum of 3.5 GB of storage allocated for /var/lib/mongodb, which contains Satellite Server's MongoDB database.
• Finally, a minimum of 2 GB of storage allocated for /var/lib/pgsql, which contains Satellite Server's Postgres database.

Installation Process

Step 1: Install Red Hat Satellite Server
Follow the steps outlined below to install the Red Hat Satellite Server.

• Install the necessary packages using yum command.

# yum -y install satellite-installer

• Once the package is installed, run the following command to launch Satellite installer.

# satellite-installer --scenario satellite

• The installer will prompt for inputs such as database configuration, SSL certificate settings, network settings and so on. Provide inputs as per your environment requirements.
• Wait until the installation completes successfully.

Step 2: Install Red Hat Capsule Server
Once the Satellite Server installation is complete, it's time to install Capsule Server. Follow the steps outlined below to install Capsule Server.

• Enable the necessary packages using the yum command.

# subscription-manager repos --enable=rhel-7-server-satellite-capsule-6.4-rpms

• Install the capsule package.

# yum install -y katello-capsule

• Run the capsule installer command with appropriate options.

# capsule-certs-generate --capsule-fqdn <capsule_fqdn> \
--certs-tar ~/capsule.example.com-certs.tar

• Install Capsule Server using the installer script.

# capsule-installer --scenario capsule --foreman-proxy-register-in-foreman "true" \
--certs-tar ~/capsule.example.com-certs.tar

• This will prompt for inputs such as database configuration, SSL certificate settings, network settings and so on. Provide inputs as per your environment requirements.
• Wait until the installation completes successfully.

To configure firewall rules for Red Hat Satellite and Capsule, use the following commands:

• To allow http and https traffic:

# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https

• To allow other ports required by Red Hat Satellite and Capsule

# firewall-cmd --permanent --add-port=5671/tcp
# firewall-cmd --permanent --add-port=22/tcp
# firewall-cmd --permanent --add-port=69/tcp
# firewall-cmd --permanent --add-port=67/tcp
# firewall-cmd --permanent --add-port=4011/tcp
# firewall-cmd --permanent --add-port=5647/tcp
# firewall-cmd --permanent --add-port=5646/tcp
# firewall-cmd --permanent --add-port=8140/tcp
# firewall-cmd --permanent --add-port=9090/tcp

• To reload the FirewallD service:

# firewall-cmd --reload

Ensure that your firewall is properly configured to allow these ports for Red Hat Satellite and Capsule to function correctly.

Conclusion
The above steps should now have you up and running with a Red Hat Satellite Server and Capsule Server. You can now use these servers to manage software updates, security patches and configurations for your Red Hat Enterprise Linux (RHEL) server infrastructure.