Prerequisites

Account on access.redhat.com and satellite licence.

2 CPUs
4G RAM minimum, 10G suggested.

/var/satellite 40G  (about 25G is used once synced with rhel-x86_64-server-6 and tools; Red Hat suggests 20G per channel; clones take about 200M each)
    ./jlfs vg_data01 lv_satellite 40G /var/satellite root root 755

/var/cache/rhn 10G
    ./jlfs vg_data01 lv_rhn 10G /var/cache/rhn root root 750
 service osa-dispatcher start

/var/lib/pgsql 15G
    ./jlfs vg_data01 lv_pgsql 15G /var/lib/pgsql root root 750



Deployment on RHEL 6.5 with root user.

Install with @base only
umask for root set at 0022
ntp configured on server and clients, all synced
LANG="en_US.UTF-8"   in /etc/sysconfig/i18n
entry with ip and hostname in /etc/hosts


Firewall

Port        Protocol    Direction   Reason
67          TCP/UDP     Inbound     Open this port to configure the Red Hat Satellite as a DHCP server for systems requesting IP addresses.
69          TCP/UDP     Inbound     Open this port to configure Red Hat Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems.
80          TCP         Outbound    Red Hat Satellite uses this port to reach Red Hat Network.
80          TCP         Inbound     Web UI and client requests come in via http.
443         TCP         Inbound     Web UI and client requests come in via https.
443         TCP         Outbound    Red Hat Satellite uses this port to reach Red Hat Network (unless running in a disconnected mode for Satellite).
4545        TCP         In/Out      Red Hat Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems.
5222        TCP         Inbound     This port pushes actions to client systems.
5269        TCP         In/Out      This port pushes actions to Red Hat Proxy Server.
5432        TCP         In/Out      This is a requirement for communication with a PostgreSQL database server if using an External Database or Managed Database.
25151       TCP         In/Out      For Cobbler XMLRPC.

Finally, open your firewall to the following hosts for access to Red Hat's Content Delivery Network (CDN):

     rhn.redhat.com
     xmlrpc.rhn.redhat.com
     satellite.rhn.redhat.com
     content-xmlrpc.rhn.redhat.com
     content-web.rhn.redhat.com
     content-satellite.rhn.redhat.com



Add to /etc/sysconfig/iptables

  # For satellite services
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 67 -j ACCEPT
  -A INPUT -m state --state NEW -m udp -p udp --dport 67 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
  -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
  # Monitoring not used -A INPUT -m state --state NEW -m tcp -p tcp --dport 4545 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 5269 -j ACCEPT
  #external postgresql not used -A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT


Restart Firewall

service iptables restart
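
The check below is an added example, not part of the original page: it audits an iptables rules file against the inbound ports the rules above are meant to open, and flags lines that will not load as rules. The function names, the REQUIRED list and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Inbound proto/port pairs from the active rules on this page
# (4545 and 5432 are omitted: the page keeps those rules commented out).
REQUIRED="tcp/67 udp/67 tcp/69 udp/69 tcp/80 tcp/443 tcp/5222 tcp/5269 tcp/25151"

# Print "proto/port" for every active INPUT ACCEPT rule that has a --dport.
accepted_ports() {
    awk '
        /^[ \t]*#/ { next }   # commented-out rule, not active
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            if (proto != "" && port != "") print proto "/" port
        }' "$1"
}

# Print "lineno: text" for lines written as "- A ..." (dash, space, letter),
# which will not load as an append rule.
malformed_rules() {
    awk '/^[ \t]*-[ \t]+[A-Z]/ { print NR ": " $0 }' "$1"
}

# Print each required proto/port that no active rule accepts.
missing_ports() {
    active=$(accepted_ports "$1")
    for want in $REQUIRED; do
        echo "$active" | grep -qx "$want" || echo "$want"
    done
}

# Constructed sample rules file: one malformed line, one commented-out rule.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
- A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Monitoring not used -A INPUT -m state --state NEW -m tcp -p tcp --dport 4545 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5222 -j ACCEPT
EOF
echo "Malformed lines:";  malformed_rules "$SAMPLE"
echo "Ports not opened:"; missing_ports "$SAMPLE"
```

To audit the real file, call the same functions with /etc/sysconfig/iptables instead of the sample path.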



Verify the server is connected to the Red Hat repo and update

yum repolist
yum update
#reboot if required by updates


Register the satellite and create new certificate

Go to access.redhat.com
  -> Subscriptions -> Subscription Management -> Subscription Management Applications
Select Satellite and click on [ Register a Satellite ]
 [ Register ]
 [ Attach a subscription ]
 download the certificate and manifest to /root on the new satellite server


Prepare the satellite software for install

scp satellite-5.6.0-20130927-rhel-6-x86_64.iso to the satellite server
mkdir /media/cdrom
mount -o loop /path/to/satellite-5.6.0-20130927-rhel-6-x86_64.iso /media/cdrom


Run the installer

/media/cdrom/install.pl --skip-selinux-test
If it fails because of the proxy and a proxy is available, configure /etc/rhn/rhn.conf with server.satellite.http_proxy = <myproxyserver.com>:<port> and #disconnected=1, then rerun:
/media/cdrom/install.pl --skip-db-install --skip-selinux-test
If it still fails after configuring the proxy:
/media/cdrom/install.pl --disconnected --skip-db-install --skip-selinux-test
===
There are some packages from Red Hat Enterprise Linux that are not part
of the @base group that Satellite will require to be installed on this
system. The installer will try resolve the dependencies automatically.
However, you may want to install these prerequisites manually.
Do you want the installer to resolve dependencies [y/N]? y

Admin Email Address? <myEmail.com>

where is your satellite certificate file? /root/<myserver>.xml

Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? Y

CA certificate password? <password>
Re-enter CA certificate password?  <password>
Email Address [<myemail.com>]? <myemail.com>
City? <mycity>
State? <mystate>

Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]? Y

Installation complete.
Visit https://<mysatellite-address> to create the Red Hat Satellite administrator account.

=> Go to the address and set up the satellite admin account.



Unmount the media and update the server again now that it is connected to the rhn-satellite channel

umount /media/cdrom
yum update
# reboot if required by updates


Sync base channels from RHN to the new satellite

satellite-sync --list-channels

satellite-sync -c rhel-x86_64-server-6
satellite-sync -c rhn-tools-rhel-x86_64-server-6
satellite-sync -c rhel-x86_64-server-optional-6
satellite-sync -c rhel-x86_64-server-supplementary-6

#To sync with another satellite server
satellite-sync --iss-parent=stage-satellite.yourorg.com -c rhel-x86_64-server-6

#List Channels previously imported/synced
satellite-sync -l | grep " p "


Add a cron job to sync the base channels daily

satellite-sync --email
# without -c it syncs all the local channels that were manually synced before.
# --email sends a report of the sync once done.


Enable Kerberos for AD authentication in the web interface.
Note: Kerberos auth must already be set up at the OS level

echo  "pam_auth_service = rhn-satellite" >> /etc/rhn/rhn.conf


vim /etc/pam.d/rhn-satellite

#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_krb5.so no_user_check
auth        required      pam_deny.so
account     required      pam_krb5.so no_user_check
 

Restart the satellite service

rhn-satellite restart

Enable PAM in each user config in the web interface