Satellite 6 and how to deploy it
Maxim Burgerhout <[email protected]>
Solution Architect, Red Hat
AGENDA FOR THE NEXT 60 MINUTES
● A brief introduction into Satellite 6
● A brief overview of what is new in Satellite 6.1
● A brief overview of what will be new in Satellite 6.2
● How to deploy Satellite 6 to make the best use of it?
SATELLITE ARCHITECTURE
● Satellite 6 is built from hardened open source technology
● Puppet
● Foreman
● Pulp
● Katello
● Candlepin
– We have harmonized these best in class projects into a cohesive solution
– Satellite 6 workflows are honed from a decade of experience with Satellite 5
SATELLITE'S COAT OF ARMS
SATELLITE 6 ARCHITECTURE
Multiple & Hierarchical Locations
Multiple Capsules
Multiple Organizations
Puppet Master
Content Mirror
Discover/Provision
Security Scans
Enroll in IdM
Message Router
Power on/off
CONTENT AND CONTENT VIEWS
Administrators utilize Satellite’s advanced content management system to construct standard builds in the form of Content Views
Content Views can optionally be combined into Composite Content Views
Advanced content filtering can be applied on each content view
Content Views are published and promoted into life cycle environments, and then mirrored onto local & remote Satellite Capsule(s)
[Diagram labels: Custom Repos; RPMs; Puppet; Docker Images; DEV; QA; PROD]
LIFECYCLE PATHS AND ENVIRONMENTS
[Diagram labels: v1.0; v2.0; v3.0; v4.0]
PROVISIONING
Server roles are modeled using Host Groups
● (Composite) content view and lifecycle environments are added
● Combines content with provisioning templates & Puppet classes
● Activation keys can be added
● Allows for the optional specification of subnet & domain
● Optional provisioning into Red Hat IdM Realm
[Diagram labels: Custom Repos; Kickstart; Partition table; Subnet; Activation Key(s); Host Group; Puppet Classes; Domain; Realm; RPMs; Puppet; Docker Images; PROD]
PROVISIONING
Capsules supply content, orchestrate PXE and Puppet as defined by the Host Group
● PXE
● Boot iso
● Template
[Diagram labels: PROD; Managed Host (Puppet Agent); DNS, DHCP, TFTP, IdM (Customer Infrastructure); Puppet; Kickstart; Partition table; Subnet; Activation Key(s); Host Group; Puppet Classes; Domain; Realm; RPMs; Puppet; Docker Images]
DISCOVERY
● Auto-registration of bare metal hosts & VMs
● Boots a minimal OS with facter
● Enables Metal-as-a-Service
● Host Groups are applied to discovered systems
[Diagram labels: DNS, DHCP, TFTP, IdM (Customer Infrastructure); Bare Metal/VMs; Satellite 6 Facts DB]
CONFIGURATION MANAGEMENT
External Node Classifier
● Satellite 6 Server
Puppet Node
● Managed Host
Puppet Master
● Satellite 6 Capsule
SUBSCRIPTION MANAGEMENT
● Subscription usage reporting
● Control usage using activation keys
● Automatic attaching of required subscription
● Subscription management of virtual systems
FLEXIBLE ERRATA MANAGEMENT
[Diagram labels: PROD, v1.0, DEV, v3.0, QA, v2.0, v2.1, v1.1; promote; Regular periodic Errata updates; Fast Incidental Errata updates; Local Mirror; sync; DHCP, DNS, TFTP, IdM]
DISCOVERY RULES
E-MAIL NOTIFICATIONS
● Available and applicable errata for hosts
● New errata after synchronization
● When a host reports a puppet error
● Eventful puppet reports
● Available errata after promotion
OpenSCAP INTEGRATION (TECH PREVIEW)
RED HAT ACCESS INSIGHTS (TECH PREVIEW)
● Proactive System Management
● Early Adopter Program
● Expected availability is Dec 2015.
● First 10 systems are free
COMING IN SATELLITE 6.2 (TENTATIVE)
GENERAL IMPROVEMENTS
Remote execution | Scheduling | Inter-Satellite Sync | Unified hosts | Discovery w/o PXE
ATOMIC OSTREE AND CONTAINERS
On-premise enterprise registry for Atomic OS and Docker containers
CONTENT MANAGEMENT IMPROVEMENTS
Support for multiple versions of content views in an environment | Improved smart variable management
CAPSULE IMPROVEMENTS
Observability | Greater resiliency | Improved command and control
HIGH AVAILABILITY
Satellite Server in active-active cluster | Capsules load balanced
PLANNED
READ THE '10 STEPS' DOCUMENT
• Comprehensive, validated doc (350p)
• Published: August 2015
• New content type: Solution Guide
• First part of a wider journey
10 STEPS TO BUILD AN SOE
1. Set up your System Management Infrastructure
2. Map your Location and Datacenter Structure
3. Define your Definitive Media Library Content
4. Define your Content Lifecycle
5. Define your Core Build
6. Define your Application Content
7. Automate your Provisioning
8. Map your IT Organization & Roles
9. Continuous Lifecycle Management
10. Automate and extend your setup
ACME SAMPLE DATACENTER TOPOLOGY
CONTENT VIEW SCENARIOS
Advantages of this scenario
• Highest degree of standardization
• Highest degree of re-usable components
• Puppet modules can ensure cross RHEL release CVs
• Easier handling of separation of responsibilities on a CV basis
• Overall owner uses Composite CVs (immutable CVs)
• Easier handling of independent release cycles
Disadvantages of this scenario
• Additional maintenance of Composite CVs
CONTENT VIEW RECOMMENDATIONS
Content View Filters
• Use filters with caution (especially include filters)
• Filters do not resolve dependencies
• Always select affected repositories
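An added example (not from the original slides and not Red Hat tooling) of why include filters need caution: a simplified model in which a filter keeps only the named packages, then reports the requirements it left out of the view. The repository data and function names are constructed for illustration, and dependencies are modelled as package names, whereas real RPM requirements are capabilities.

```python
# Constructed sample metadata: package -> packages it requires.
# Simplification: real RPM requirements are capabilities, not package names.
REPO = {
    "httpd": ["httpd-tools", "apr", "apr-util"],
    "httpd-tools": ["apr", "apr-util"],
    "apr-util": ["apr"],
    "apr": [],
    "mod_ssl": ["httpd", "openssl-libs"],
    "openssl-libs": [],
}


def missing_dependencies(repo, include, also_available=frozenset()):
    """Report requirements an include filter leaves out of the view.

    include        -- package names the filter keeps (nothing else survives)
    also_available -- packages supplied by other, unfiltered repositories
    Returns {kept package: sorted list of requirements not visible}.
    """
    kept = set(include) & set(repo)
    visible = kept | set(also_available)
    report = {}
    for pkg in sorted(kept):
        missing = sorted(r for r in repo[pkg] if r not in visible)
        if missing:
            report[pkg] = missing
    return report


def self_contained_include(repo, include):
    """Expand an include list with every transitive requirement found in repo."""
    needed, stack = set(), [p for p in include if p in repo]
    while stack:
        pkg = stack.pop()
        if pkg in needed:
            continue
        needed.add(pkg)
        stack.extend(r for r in repo[pkg] if r in repo and r not in needed)
    return sorted(needed)


if __name__ == "__main__":
    wanted = {"httpd", "mod_ssl"}
    print("left out by filter:", missing_dependencies(REPO, wanted))
    print("self-contained include list:", self_contained_include(REPO, wanted))
```

Running a check like this against an include list before publishing shows which packages would be uninstallable on hosts that only see the filtered view.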
Composite Content Views
• Usage of a repo / module more than once not possible
• CVs could be selected independent of LC ENV
• Consider a separated CV for puppet configuration
WHAT IS A CORE BUILD?
Core Build Characteristics
• Smallest common denominator for OS
• Based on minimal install ( > kickstart definition)
• Includes OS + typical management tools
• Includes basic hardening
• RHEL ABI/API Commitment
Core Build Content View Creation
• Software Repositories (Red Hat & 3rd party)
• Example OS Configuration Puppet Modules
CORE BUILD RECOMMENDATIONS
• Be the smallest common denominator of all Red Hat Enterprise Linux servers
• Be infrastructure (hardware and virtualization) agnostic
• Provide an application or platform-independent OS configuration
• Be a universal size that allows scaling up to all the sizes used
• Be based on a minimal installation
• Contain a partitioning schema and default filesystem layout
• Contain all Red Hat, third-party and custom software required on all systems
• Contain all configuration settings required on all systems
• Typically include basic hardening
ACME APPLICATION ARCHITECTURE
HOSTGROUP HIERARCHY
STEP 8 TOPIC COVERAGE
Sample Roles / Separation of Responsibilities
• Admin Role(s)
• IT Ops Mgr (read-only)
• License / Subscription Manager
• OS / Core Build SysEng
• QA Team
Satellite 6 Entities
• Satellite 6 Users & User Groups
• Satellite 6 Roles & RBAC