In this article, we will deploy Red Hat Capsule server and integrate it with Red Hat Satellite 6.
Prerequisites
- A working Red Hat Satellite 6 server. Refer to the Red Hat Satellite 6 installation guide to deploy the satellite server.
- Working DNS for resolving the satellite and capsule hostnames, or flat name resolution through /etc/hosts.
- RHEL 7 installed with the disk partitions below:
/var/lib/mongodb 50 GB
/var/lib/pgsql 20 GB
/var/lib/pulp 500 GB
Let's update the OS with the latest packages
[root@makeuseoflinux ~]# yum update -y
Add the DNS entries below to /etc/hosts for name resolution
[root@capsule ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.133 satellite.makeuseoflinux.com
192.168.2.140 capsule.makeuseoflinux.com
Download the katello-ca-consumer package, which carries the satellite's CA certificate, from the satellite server using curl and install it on the capsule server. The --insecure option skips TLS certificate verification for this download.
[root@capsule ~]# curl --insecure --output katello-ca-consumer-satellite.makeuseoflinux.com-1.0-1.noarch.rpm https://satellite.makeuseoflinux.com/pub/katello-ca-consumer-satellite.makeuseoflinux.com-1.0-1.noarch.rpm
[root@capsule ~]# yum localinstall katello-ca-consumer-satellite.makeuseoflinux.com-1.0-1.noarch.rpm
Log in to the satellite server and verify the satellite organization LABEL using the hammer command
[root@satellite ~]# hammer -u sateadmin -p Password@123 organization list
---|----------------|----------------|-------------|---------------
ID | TITLE | NAME | DESCRIPTION | LABEL
---|----------------|----------------|-------------|---------------
1 | MAKEUSEOFLINUX | MAKEUSEOFLINUX | | MAKEUSEOFLINUX
---|----------------|----------------|-------------|---------------
Let's register the capsule with the Satellite server
[root@capsule ~]# subscription-manager register --org="MAKEUSEOFLINUX"
Registering to: capsule.makeuseoflinux.com:443/rhsm
Username: sateadmin
Password:
The system has been registered with ID: a9804648-f662-4b11-9f4f-7ac4681e7fcf
The registered system name is: capsule.makeuseoflinux.com
List the available subscriptions and attach one using its pool ID.
[root@capsule ~]# subscription-manager list --all --available --matches 'Red Hat Satellite Infrastructure Subscription'
[root@capsule ~]# subscription-manager attach --pool=4028ffa8791890e70179278e43930b66
Successfully attached a subscription for: Red Hat Satellite Infrastructure Subscription
Verify the subscriptions
[root@capsule ~]# subscription-manager list --consumed
Disable all the repos and enable the repos below for the capsule server
[root@capsule ~]# subscription-manager repos --disable "*"
[root@capsule ~]# subscription-manager repos --enable=rhel-7-server-rpms \
--enable=rhel-7-server-satellite-capsule-6.9-rpms \
--enable=rhel-7-server-satellite-maintenance-6-rpms \
--enable=rhel-7-server-satellite-tools-6.9-rpms \
--enable=rhel-server-rhscl-7-rpms \
--enable=rhel-7-server-ansible-2.9-rpms \
--enable=rhel-7-server-extras-rpms \
--enable=rhel-7-server-optional-rpms
[root@capsule ~]# yum clean all
[root@capsule ~]# yum repolist enabled
[root@capsule ~]# unset http_proxy ## also remove proxy from /etc/yum.conf if any
Now let's update the packages
[root@capsule ~]# yum update -y
Deploying Red Hat Capsule Server
First log in to the satellite server and generate the certificate for the capsule server.
[root@satellite ~]# mkdir /root/capsule_cert
Replace the capsule FQDN as per your environment
[root@satellite ~]# capsule-certs-generate --foreman-proxy-fqdn capsule.makeuseoflinux.com --certs-tar /root/capsule_cert/capsule.makeuseoflinux.com_certs.tar
Copy the certificate to the capsule server
[root@satellite ~]# scp /root/capsule_cert/capsule.makeuseoflinux.com_certs.tar root@capsule.makeuseoflinux.com:/root/capsule.makeuseoflinux.com_certs.tar
Now install the satellite-capsule installer package
[root@capsule ~]# yum install satellite-capsule
Let's install and configure the capsule with the parameters below
[root@capsule ~]# satellite-installer --scenario capsule \
--certs-tar-file "/root/capsule.makeuseoflinux.com_certs.tar" \
--foreman-proxy-content-parent-fqdn "satellite.makeuseoflinux.com" \
--foreman-proxy-register-in-foreman "true" \
--foreman-proxy-foreman-base-url "https://satellite.makeuseoflinux.com" \
--foreman-proxy-trusted-hosts "satellite.makeuseoflinux.com" \
--foreman-proxy-trusted-hosts "capsule.makeuseoflinux.com" \
--foreman-proxy-oauth-consumer-key "6dp8XE5btRB8EtiyGX9bzJVVFFnRSubL" \
--foreman-proxy-oauth-consumer-secret "oYyHQAZa6cc9EfhrPmudwosLLA92CWu6" \
--puppet-server-foreman-url "https://satellite.makeuseoflinux.com"
Let's install the OpenSCAP and remote execution SSH plugins
[root@capsule ~]# satellite-installer --scenario capsule \
--enable-foreman-proxy-plugin-openscap
[root@capsule ~]# satellite-installer --scenario capsule \
--enable-foreman-proxy-plugin-remote-execution-ssh
We have successfully deployed our capsule server.
Adding Life Cycle Environments to Red Hat Capsule Server
To add a life cycle environment to Capsule Server, complete the following steps:
- In the Satellite web UI, navigate to Infrastructure > Capsules, and select the Capsule that you want to add a life cycle environment to.
- Click Edit and click the Life Cycle Environments tab.
- From the left menu, select the life cycle environments that you want to add to the Capsule and click Submit.
- To synchronize the content on the Capsule, click the Overview tab and click Synchronize.
- Select either Optimized Sync or Complete Sync.
- Refer to the Red Hat article for more information.
Registering RHEL Guest OS/Clients with Satellite/Capsule Servers
Add the DNS entries below to /etc/hosts for name resolution
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.133 satellite.makeuseoflinux.com
192.168.2.140 capsule.makeuseoflinux.com
To register the RHEL guest OS, we need to install the katello-ca-consumer package from the Capsule server.
[root@client ~]# yum localinstall \
https://capsule.makeuseoflinux.com/pub/katello-ca-consumer-capsule.makeuseoflinux.com-1.0-1.noarch.rpm
Or we can use wget to download it first and then install it
[root@client ~]# wget --no-check-certificate https://capsule.makeuseoflinux.com/pub/katello-ca-consumer-capsule.makeuseoflinux.com-1.0-1.noarch.rpm
[root@client ~]# rpm -ivh katello-ca-consumer-capsule.makeuseoflinux.com-1.0-1.noarch.rpm
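Both bootstrap downloads in this article (curl --insecure on the capsule and wget --no-check-certificate on the client) skip TLS verification, so the RPM that installs the trusted CA arrives unauthenticated. The following added example, which is not part of the original article, compares the downloaded file against a SHA-256 digest obtained over a trusted channel such as an SSH session on the server; the function name verify_bootstrap_rpm and its exit codes are this example's own.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded bootstrap RPM against a SHA-256 digest
# that was obtained over a trusted channel (for instance, sha256sum run on
# the server in an SSH session). Names and exit codes are this example's own.

# verify_bootstrap_rpm FILE EXPECTED_SHA256
#   0 = digest matches, 1 = mismatch, 2 = bad argument or unreadable file
verify_bootstrap_rpm() {
    local file=$1 expected=$2 actual
    # Accept a bare digest or a whole "digest  filename" line from sha256sum.
    expected=${expected%%[[:space:]]*}
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a SHA-256 digest" >&2
        return 2
    fi
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $file: got $actual" >&2
        return 1
    fi
    echo "OK $file"
}

# Use before installing, with the digest pasted from the server session:
#   RPM=katello-ca-consumer-capsule.makeuseoflinux.com-1.0-1.noarch.rpm
#   verify_bootstrap_rpm "$RPM" "<digest from the server>" && rpm -ivh "$RPM"
```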
Install the katello agent
[root@client ~]# yum install katello-agent
Start the goferd service
[root@client ~]# systemctl start goferd
[root@client ~]# systemctl status goferd
Register the guest OS with the capsule server
[root@client ~]# subscription-manager register --org="MAKEUSEOFLINUX"
Registering to: capsule.makeuseoflinux.com:443/rhsm
Username: sateadmin
Password:
The system has been registered with ID: a9704648-f462-4b13-9f2f-7af4681l7fcd
The registered system name is: client.makeuseoflinux.com
Now you can patch and update the guest OS.
[root@client ~]# yum update -y
Conclusion
We have successfully deployed the Red Hat Capsule server and registered a RHEL guest OS with the capsule server for patching.
Important: for an IPv6 error during capsule installation, make sure that in the /etc/hosts file there is no space before the IP address and it should have
Solution: make sure you have FQDN entries pointing to your satellite and capsule
vi /etc/hosts
192.168.2.133 satellite.makeuseoflinux.com
192.168.2.140 capsule.makeuseoflinux.com
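The two checks from this troubleshooting note (no whitespace before an IP address, and an entry for each FQDN) can be scripted and run before the installer. This is an added example, not part of the original article; check_hosts is a hypothetical helper name and the sample hosts file is constructed.

```shell
#!/usr/bin/env bash
# Added example: lint a hosts file for the two problems described above.
# check_hosts is this example's own helper, not a Satellite tool.

# check_hosts FILE FQDN...
#   Prints one line per finding; returns 0 when clean, 1 otherwise.
check_hosts() {
    local file=$1 fqdn out rc=0
    shift
    # Finding 1: an entry whose address is preceded by a space or tab.
    out=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[ \t]/ { printf "line %d: whitespace before address %s\n", NR, $1 }
    ' "$file")
    if [ -n "$out" ]; then
        echo "$out"
        rc=1
    fi
    # Finding 2: a required FQDN with no uncommented entry.
    for fqdn in "$@"; do
        if ! awk -v want="$fqdn" '
            { sub(/#.*/, "") }               # drop trailing comments
            { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) found = 1 }
            END { exit !found }
        ' "$file"; then
            echo "no entry for $fqdn"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the capsule line is indented and the satellite line is
# commented out, so both findings are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1 localhost localhost.localdomain
#192.168.2.133 satellite.makeuseoflinux.com
 192.168.2.140 capsule.makeuseoflinux.com
EOF
check_hosts "$sample" satellite.makeuseoflinux.com capsule.makeuseoflinux.com || true
rm -f "$sample"
```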
Missing package error for python, etc.
Solution: make sure the optional and extras RHEL 7 repositories are enabled on the satellite as well as the capsule
2021-05-08 10:14:59 [ERROR ] [configure] Proxy dcpr-web-cap.test.com cannot be registered: Unable to communicate with the Capsule: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Net::HTTPServerException]: 403 “Forbidden”) for Capsule https://dcpr-web-cap.test.com:9090/v2/features Please check the Capsule is configured and running on the host.
2021-05-08 10:14:59 [ERROR ] [configure] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[dcpr-web-cap-cm01.nseroot.com]/ensure: change from ‘absent’ to ‘present’ failed: Proxy dcpr-web-cap.test.com cannot be registered: Unable to communicate with the Capsule: ERF12-2530 [ProxyAPI::ProxyException]: Unable to detect features ([Net::HTTPServerException]: 403
“Forbidden”) for Capsule https://dcpr-web-cap.test.com:9090/v2/features Please check the Capsule is configured and running on the host.
2021-05-08 10:15:01 [NOTICE] [configure] System configuration has finished.
There were errors detected during install.
Solution:
Add the capsule IP to the proxy exception list from the Satellite GUI:
1) Check if a proxy is set for all outgoing HTTP connections from Satellite:
Satellite webUI -> Administer -> Settings -> General -> HTTP(S) proxy
2) As a workaround, add the capsule FQDN/IP to "HTTP(S) proxy except hosts" from the Satellite webUI:
Satellite webUI -> Administer -> Settings -> General -> HTTP(S) proxy except hosts
subscription-manager register --org="mytestdomain" --activationkey="OS-Key" --force
Unregistering from: dcpr-web-mytestdomain:8443/rhsm
Unable to verify server’s identity: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:618)
Solution:
Open /etc/rhsm/rhsm.conf and set insecure=1, which disables verification of the server's SSL certificate.
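Because insecure=1 stays in /etc/rhsm/rhsm.conf until it is changed back, a small audit helps find hosts where certificate verification is still off. This is an added example, not part of the original article; rhsm_get and rhsm_tls_audit are hypothetical helper names, the sample file is constructed, and a missing insecure key is assumed to mean verification is on.

```shell
#!/usr/bin/env bash
# Added example: report whether rhsm.conf has certificate verification off.
# rhsm_get and rhsm_tls_audit are this example's own helpers.

# rhsm_get FILE SECTION KEY -> prints the value of KEY inside [SECTION]
rhsm_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }   # section header
        /^[ \t]*[#;]/ { next }                               # comment line
        cur == sec {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# rhsm_tls_audit FILE
#   0 = verification on, 1 = insecure is set, 2 = file unreadable
rhsm_tls_audit() {
    local conf=$1 host insecure
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    host=$(rhsm_get "$conf" server hostname)
    insecure=$(rhsm_get "$conf" server insecure)
    case "$insecure" in
        ""|0) echo "OK: certificate of ${host:-unknown} is verified" ;;
        # Assumption: any other value is reported, erring on the side of flagging.
        *)    echo "INSECURE: certificate of ${host:-unknown} is not verified (insecure=$insecure)"
              return 1 ;;
    esac
}

# Constructed sample of the state the workaround above leaves behind.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[server]
hostname = capsule.makeuseoflinux.com
prefix = /rhsm
port = 443
insecure = 1
EOF
rhsm_tls_audit "$sample" || true
rm -f "$sample"
```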