Bug 1281657 - Suggestions to the Satellite 6 Installation Guide - Sections 1.4.1, 2.1.1 and 2.1.2
Suggestions to the Satellite 6 Installation Guide - Sections 1.4.1, 2.1.1 and...
Status: CLOSED NOTABUG
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Docs Install Guide (Show other bugs)
6.1.0
Unspecified Unspecified
high Severity high (vote)
: Unspecified
: --
Assigned To: Russell Dickenson
David O'Brien
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-12 21:05 EST by belong
Modified: 2015-11-29 20:28 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-29 20:28:47 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description belong 2015-11-12 21:05:41 EST
Email from Andrew Spurrier:

I am working through a Satellite 6 install and I have the following suggestions to the: https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html-single/Installation_Guide/index.html#sect-Red_Hat_Satellite-Installation_Guide-Prerequisites-Base_Operating_System

1.4.1. Base Operating System
(There is a conflict in sections 1.4.1 and 2.1.1 as they tell you to subscribe to different pools and both sections are *wrong*.)

Change:

    # subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Pool_Id 

To:

    # subscription-manager subscribe --pool=Red_Hat_Satellite_Pool_Id 

(There is a conflict in sections 1.4.1 and 2.1.2 as 1.4.1 gets you to subscribe and update but for a disconnected user this will work and section 2.1.2 correctly leaves out those instructions.)



2.1.1. Downloading from a Connected Network
Sub-point 2. Attach a subscription to the registered system:
Change:

    # subscription-manager subscribe --pool=Red_Hat_Satellite_Pool_Id \
    && subscription-manager subscribe --pool=Red_Hat_Enterprise_Linux_Pool_Id \
    && subscription-manager subscribe \
    --pool=Red_Hat_Enterprise_Linux_Software_Collections_Pool_Id 

To:

    # subscription-manager subscribe --pool=Red_Hat_Satellite_Pool_Id

Add in the "yum update" instructions like in section 1.4.1.  Otherwise consider rationalising both sections and only get the user to subscribe once and update once.
Comment 1 Andrew Spurrier 2015-11-13 20:36:29 EST
Hayley,

I have tidied up my notes for the Satellite 6.1 install on RHEL 7.  I had issues with failing to find package dependencies and have included additional steps to remove existing entitlements, repositories and the dreaded "java" packages.

I am happy to discuss technical aspects in how to appropriately make these instructions suitable to RHEL 6 and disconnected installations if necessary.

You can view my latest guide, which distils the content of chapters 1 and 2, at:
http://spuddidit.blogspot.com.au/2015_11_01_archive.html


I chose to break out the Firewall commands into individual services as I believe most enterprises would not include DNS, DHCP and TFTP on their Satellite instance.  Even Puppet would is likely to be excluded if they are already have their own Puppet infrastructure.
Andrew
Comment 2 belong 2015-11-16 23:54:40 EST
Assigning to Russell, as discussed with Adam.
Comment 3 Russell Dickenson 2015-11-17 00:31:13 EST
@Andrew,

Being new to Satellite I have a keen interest in seeing the Installation Guide improved, so thank you for raising these issues. I will read through your comments and contact you again shortly.
Comment 4 Andrew Spurrier 2015-11-23 07:37:29 EST
Not that it seemed to affect the installation I just added the following command to my guide which was already in Chapter 1.4.1 of the Installation Guide.

 subscription-manager release --set=7Server
Comment 5 Andrew Spurrier 2015-11-23 07:55:53 EST
Broken link "404" at Procedure 5.2. To Update a Self-Registered Satellite:

Link Text:   Red Hat Satellite 6.1 User Guide 
Link URL:  https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/User_Guide/ch18s02.html
Comment 6 Andrew Spurrier 2015-11-23 23:18:29 EST
Satellite 6 Installation Guide
Table 1.7. SELinux Commands to Change Default Port Assignments
The port 5671 on line "5671 	semanage port -a -t amqp_port_t -p tcp 99999 " does not exist *anywhere* else in the document.  I think it is supposed to be 5647.
Comment 7 Andrew Spurrier 2015-11-23 23:23:47 EST
Oh and what is a good description for port 5674 and "katello agent" is not an answer.  Which way are connections made and what is the point of it.  What breaks if the port is disallowed.
Comment 8 Andrew Spurrier 2015-11-24 01:50:32 EST
While listing all the firewall rules consider the following two services:
   * LDAPS
   * SSH

While strictly not necessary they are always included in enterprise environments.  As precedence I offer the Puppet service in Sat 6 which is optional and frequently turned off in Enterprise deployments and yet it is listed in our list of ports as thought it is something that must be turned on.
Comment 9 Andrew Spurrier 2015-11-24 01:58:26 EST
Port 9090 in 
"Table 7.1. Ports for Satellite to Capsule Communication" and 
"Table 7.3. Ports for Client to Capsule Communication" 

should provide a consistent definition.  I don't know if it is true but I think Table 7.1's port 9090 should read:

"Picking up managed client SCAP reports from the proxy in the Capsule"
Comment 10 Andrew Spurrier 2015-11-24 02:14:23 EST
Table 7.3. Ports for Client to Capsule Communication
Port 9090
So managed clients use 9090 to send in their SCAP reports to a Capsule.
Where is the equivalent service in Chapter 1 for when managed clients connect directly to a Satellite?
Comment 11 Andrew Spurrier 2015-11-24 02:15:52 EST
(In reply to Andrew Spurrier from comment #8)
> While listing all the firewall rules consider the following two services:
>    * LDAPS
>    * SSH
> 
> While strictly not necessary they are always included in enterprise
> environments.  As precedence I offer the Puppet service in Sat 6 which is
> optional and frequently turned off in Enterprise deployments and yet it is
> listed in our list of ports as thought it is something that must be turned
> on.

I found them in Table 1.6 and I agree with their location.  I withdraw the request.
Comment 12 Andrew Spurrier 2015-11-24 02:19:40 EST
Where is the connection from Sat-6 to virtualisation manager in the list of ports in Chapter 1.

For VMware I assume this happens on 443.
As A precedence I offer that the connection to RH CDN on port 443 is listed.  It too is an outbound connection the same as the one for virt-who.

Note You need to log in before you can comment on or make changes to this bug.