In part 1 we discussed the prerequisites required to get Redhat Satellite 6.2 ready as a provisioning platform. Although there were quite a few tasks, as previously mentione d, in the main these are a one off activity and once set up, make provisioning hosts a quick and easy operation.

I had some great feedback from part 1 which was much appreciated. In particular from Redhat, and via Reddit all of whom pointed out that it’s not necessary to set up Satellite as a DHCP server if you’re relying on external DHCP servers. I tried out their suggestions and they are indeed correct.

So, bearing this in mind, I updated my configuration from part 1 as follows. First I disabled DHCP on the Satellite server:

# satellite-installer --foreman-proxy-dhcp false

Installing Done [100%]

[........................................................................................]

Success!

* Satellite is running at https://satellite1.justsomestuff.co.uk

* To install additional capsule on separate machine continue by running:

capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"

The full log is at /var/log/foreman-installer/satellite.log

# hammer proxy info --name satellite1.justsomestuff.co.uk

Name: satellite1.justsomestuff.co.uk

URL: https://satellite1.justsomestuff.co.uk:9090

Features:

Pulp

Puppet

Puppet CA

Dynflow

Discovery

Openscap

SSH

Locations:

Here

There

Organizations:

JSS

Created at: 2016/12/16 09:17:31

DHCP is no longer listed as feature. Next, in the subnet settings, set IPAM to none but keep Boot mode as DHCP.

Under the capsules tab, set DHCP server to none but keep the TFTP Capsule setting.

Now the Windows DHCP servers will get used by Satellite still acts as the TFTP server.

Building a host

Build configurations

The way a server is built is still dependent on a kickstart file. However, the kickstart file is built from a number of templates that are part of Satellite. Satellite 6 uses ERB templates. I’ve got to say, I thought erb was something Rastas smoked. However, googling it I found out that in fact stands for Epic Rap Battles. Somewhere on page 3 of the Google results I found that it also stands for Embedded RuBy templates. So first there was XML, then JSON and YAML, now ERB. I asked a few of my peers if they’ve come across ERB before. I was told that they use them in their cooking all the time. Someone else told me (and i have no idea whether this is true) that a lot of Satellite is coded in Ruby so maybe that explains the choice.

Anyway, after an initial period of bafflement, the ERB templates started to make sense. I think that this area of satellite isn’t as well documented as it could be. For example, there’s quite a large number of inbuilt templates without any explanation of what they’re for. You can guess from the name though and reading through the templates gives you more clues. However, a list with a brief explanation wouldn’t have gone a miss.

Another thing that initially confused me was the use of snippets in the template. It was obvious that a snippet was a kind of function that got inserted into the template. What wasn’t obvious was exactly what they did. I wanted to check a couple out, but where were they stored? I was searching through directories for snippet files so I could take a look at them, only to eventually realise that they were stored in the same way as templates and you could view them from the templates screen.

The templates that will be used are defined as part of the Operating System options:

I selected Satellite Kickstart as the provisioning template, which is a clone of the bundled Satellite Kickstart Default template. I added the following customisations:

Additonal packages added:



%packages --ignoremissing

yum

dhclient

ntp

wget

@Core

@system-admin-tools

@british-support

@directory-client

@network-file-system-client

@perl-runtime

@server-platform

@java-platform

-postfix

sendmail



I also wanted the authorised keys installed as part of the build. For this I created a snippet:

# Install JSS public keys

cd /root

cat >> .ssh/authorized_keys << "PUBLIC_KEY"

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzQVqagfLlhYJfKqemCB5HP8VC…etc

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA80OxvoslPRtsKy/xh3fWQIknIcY9…etc

ssh-dss AAAAB3NzaC1kc3MAAACBAJ6Nml0w/3rt1mlsfRv8p1fxVFQoW+s..etc

PUBLIC_KEY

chmod 600 .ssh/authorized_keys



Inserting the following line into the template will cause the snippet to get called:

<%= snippet('add_authorized_keys') %>

If the host is a VM, I would like to install VMWare tools. Again a snippet is created to install the VMWare public key:



# Install public keys

cd /var/tmp

cat >> VMWARE-PACKAGING-GPG-RSA-KEY.pub << "PUBLIC_KEY"

Version: GnuPG v1.4.7 (GNU/Linux)

mI0ESAP+VwEEAMZylR8dOijUPNn3He3GdgM/kOXEhn3uQl+sRMNJUDm1qebi2D5b

Qa7GNBIlXm3DEMAS+ZlkiFQ4WnhUq5awEXU7MGcWCEGfums5FckV2tysSfn7HeWd

Etc…

PUBLIC_KEY

The snippet is then called:

<% if @host.params['vmware-server'] == 'yes' %>

# install vmware tools if vmware-paremeter is set

subscription-manager attach --pool=8ace201659a6d5d20159cb2d1484078b

<%= snippet('vmware_tools_GPG_key') %>

rpm --import /var/tmp/VMWARE-PACKAGING-GPG-RSA-KEY.pub

yum -t -y -e 0 install vmware-tools-core vmware-tools-services vmware-tools-user vmware-tools-esx-nox

<% end -%>



A couple of things need explaining here. I had already created a repository for VMWare tools following the procedure documented in part 1 . Secondly, when a host is built, there’s an option to add custom parameters. If a parameter called vmware-server is created and given a value of “yes“, this part of the template is executed. The vmware repository is attached, the key imported and then vmware tools installed via the yum command.

Starting a host build

Finally, we are ready to build a host! This is now very easy.

On the Satellite GUI, go to Hosts > New Hosts. Enter the server name in the Name Field, Organization will be JSS (in my case), choose the appropriate Location and select a Host Group. As soon as a Host Group is selected, the fields will be auto populated.

If the host is a VM, change Deploy On from Bare Metal to the appropriate Compute Resource. A Compute profile will be auto populated. To ensure VMWare Tools are installed, create a Host parameter, vmware-server with a value of yes. As was seen in the previous section, this will lead to the VMWare tools packages being installed from the custom repository previously created.

Once you click on submit, the server will be built including creating the VM if appropriate, building the OS according to a kickstart file created by Satellite, registering with Satellite, applying updates, installing puppet with the puppet modules defined and any other post install activities defined in the provisioning template.

That’s it, your Satellite server is now ready to provision hosts. As mentioned in part 1, I intend to check out provisioning to AWS and containers with Satellite so there may well be a part 3 sometime 🙂 . Also, don’t forget you can follow JustSomeStuff on twitter @itsjustsomestuf and my blog , Sysadmin Diaries, is at daengkhao.tumblr.com. Bye for now!

P.S. The guys also asked me to mention the wiki at http://justsomestuff.co.uk/wiki/doku.php/start , contributions always welcome!

Save

Save

Save