Satellite 6 and how to deploy itMaxim Burgerhout <maxim@redhat.com>Solution Architect, Red Hat

AGENDA FOR THE NEXT 60 MINUTES

● A brief introduction into Satellite 6● A brief overview of what is new in Satellite 6.1● A brief overview of what will be new in Satellite 6.2● How to deploy Satellite 6 to make the best use of it?

AGENDA FOR THE NEXT 60 MINUTES

● A brief introduction into Satellite 6● A brief overview of what is new in Satellite 6.1● A brief overview of what will be new in Satellite 6.2● How to deploy Satellite 6 to make the best use of it?

SATELLITE ARCHITECTURE

● Satellite 6 is built from hardened open source technology● Puppet● Foreman● Pulp● Katello● Candlepin

– We have harmonized these best in class projects into a cohesive solution

– Satellite 6 workflows are honed from a decade of experience with Satellite 5

SATELLITE'S COAT OF ARMS

SATELLITE 6 ARCHITECTURE

Multiple &HierarchicalLocations

MultipleCapsules

MultipleOrganizations

Puppet Master

Content Mirror

Discover/Provision

Security Scans

Enroll in IdM

Message Router

Power on/off

SATELLITE 6 ARCHITECTURE

CONTENT AND CONTENT VIEWSAdministrators utilize Satellite’s advanced content management system to construct standard builds in the form of Content Views

Custom Repos

Content Views can optionally be combined into Composite Content Views

Advanced content filtering can be applied on each content view

RPMs Puppet

Docker Images

DEV

QA

PROD

Content Views are published and promoted into life cycle environments, and then mirrored onto local & remote Satellite Capsule(s)

Custom Repos

LIFECYCLE PATHS AND ENVIRONMENTS

v1.0

v2.0

v3.0

v4.0

PROVISIONING

Server roles are modeled using Host Groups

● (Composite) content view and lifecycle environments are added

● Combines content with provisioning templates & Puppet classes

● Activation keys can be added

● Allows for the optional specification of subnet & domain

● Optional provisioning into Red Hat IdM Realm

Custom Repos

Kickstart

Partition table

Subnet

Activation Key(s)

Host Group

Puppet Classes

Domain

Realm

RPMs Puppet

Docker Images

PROD

PROVISIONING

PROD

Managed HostPuppet Agent

DNS, DHCP, TFTP, IdMCustomer Infrastructure

Capsules supply content, orchestrate PXE and Puppet as defined by the Host Group

Puppet

● PXE● Boot iso● Template

Kickstart

Partition table

Subnet

Activation Key(s)

Host Group

Puppet Classes

Domain

Realm

RPMs Puppet

Docker Images

DISCOVERY DNS, DHCP, TFTP, IdMCustomer Infrastructure

Bare Metal/VMs

Satellite 6 Facts DB

● Auto-registration of bare metal hosts & VMs

● Boots a minimal OS with facter● Enables Metal-as-a-Service● Host Groups are applied to

discovered systems

CONFIGURATION MANAGEMENT

External Node Classifier● Satellite 6 Server

Puppet Node● Managed Host

Puppet Master● Satellite 6 Capsule

SUBSCRIPTION MANAGEMENT

● Subscription usage reporting● Control usage using activation keys● Automatic attaching of required subscription● Subscription management of virtual systems

AGENDA FOR THE NEXT 60 MINUTES

● A brief introduction into Satellite 6● A brief overview of what is new in Satellite 6.1● A brief overview of what will be new in Satellite 6.2● How to deploy Satellite 6 to make the best use of it?

FLEXIBLE ERRATA MANAGEMENT

PROD

v1.0

DEV

v3.0

QA

v2.0

v2.1 v1.1

promote promotepromoteRegular periodic

Errata updates

Fast IncidentalErrata updates

LocalMirror

sync

DHCPDNSTFTPIdM

1

2

DISCOVERY RULES

E-MAIL NOTIFICATIONS

● Available and applicable errata for hosts

● New errata after synchronization

● When a host reports a puppet error

● Eventful puppet reports

● Available errata after promotion

OpenSCAP INTEGRATIONTECH PREVIEW

OpenSCAP INTEGRATIONTECH PREVIEW

RED HAT ACCESS INSIGHTSTECH PREVIEW

● Proactive System Management● Early Adopter Program● Expected availability is dec 2015.● First 10 systems are free

RED HAT ACCESS INSIGHTSTECH PREVIEW

AGENDA FOR THE NEXT 60 MINUTES

● A brief introduction into Satellite 6● A brief overview of what is new in Satellite 6.1● A brief overview of what will be new in Satellite 6.2● How to deploy Satellite 6 to make the best use of it?

GENERAL IMPROVEMENTSRemote execution | Scheduling | Inter-Satellite Sync | Unified hosts | Discovery w/o PXE

ATOMIC OSTREE AND CONTAINERSOn-premise enterprise registry for Atomic OS and Docker containers

CONTENT MANAGEMENT IMPROVEMENTSSupport for multiple versions of content views in an environment | Improved smart variable management

COMING IN SATELLITE 6.2 (TENTATIVE)

CAPSULE IMPROVEMENTSObservability | Greater resiliency | Improved command and control

HIGH AVAILABILITYSatellite Server in active-active cluster | Capsules load balanced

PLANNED

AGENDA FOR THE NEXT 60 MINUTES

● A brief introduction into Satellite 6● A brief overview of what is new in Satellite 6.1● A brief overview of what will be new in Satellite 6.2● How to deploy Satellite 6 to make the best use of it?

READ THE '10 STEPS' DOCUMENT

• Comprehensive, validated doc (350p)

• Published: August 2015

• New content type: Solution Guide

• First part of a wider journey

10 STEPS TO BUILD AN SOE1. Setup your System Management Infrastructure

2. Map your Location and Datacenter Structure

3. Define your Definitive Media Library Content

4. Define your Content Lifecycle

5. Define your Core Build

6. Define your Application Content

7. Automate your Provisioning

8. Map your IT Organization & Roles

9. Continuous Lifecycle Management

10. Automate and extend your setup

ACME SAMPLE DATACENTER TOPOLOGY

CONTENT VIEW SCENARIOS

CONTENT VIEW SCENARIOS

• Advantages of this scenario • Highest degree of standardization

• Highest degree of re-usable components

• Puppet modules can ensure cross RHEL release CVs

• Easier handling of separation of respons. on a CV basis

• Overall owner use Composite CVs (immutable CVs)

• Easier handling of independent release cycles

• Disadvantages of this scenario • Additional maintenance of Composite CVs

CONTENT VIEW RECOMMENDATIONS

Content View Filters

• Use filters with caution (especially include filters)

• Filters do not resolve dependencies

• Always select affected repositories

Composite Content Views

• Usage of a repo / module more than once not possible

• CVs could be selected independent of LC ENV

• Consider a separated CV for puppet configuration

WHAT IS A CORE BUILD?

Core Build Characteristics

• Smallest common denominator for OS

• Based on minimal install ( > kickstart definition)

• Includes OS + typical management tools

• Includes basic hardening

• RHEL ABI/API Commitment

Core Build Content View Creation

• Software Repositories (Red Hat & 3rd party)

• Example OS Configuration Puppet Modules

CORE BUILD RECOMMENDATIONS

• Be the smallest common denominator of all Red Hat Enterprise Linux servers

• Be infrastructure (hardware and virtualization) agnostic

• Provides an application or platform-independent OS configuration

• Be a universal size that allows scaling up to all the sizes used

• Be based on a minimal installation

• Contains a partitioning schema and default filesystem layout

• Contains all Red Hat, third-party and custom software required on all systems

• Contains all configuration settings required on all systems

• Typically include basic hardening

ACME APPLICATION ARCHITECTURE

HOSTGROUP HIERARCHY

STEP 8 TOPIC COVERAGE

Sample Roles / Separation of Responsibilities• Admin Role(s)

• IT Ops Mgr (read-only)

• License / Subscription Manager

• OS / Core Build SysEng

• QA Team

Satellite 6 Entities• Satellite 6 Users & User Groups

• Satellite 6 Roles & RBAC