《OpenShift / RHEL / DevSecOps 汇总目录》
说明
本文介绍如何在一个可以直接访问 Internet 的主机上安装 Red Hat Satellite 6.14 环境,该环境包括了 Satellite 服务器、集成的 Capsule 服务器以及其他所有必要组件。
安装前置要求
- 主机至少 CPU 4-core/内存 20 GB/硬盘 400 GB,主机可以访问互联网。
- 安装带有 GUI 的 RHEL 8,参考“存储容量分配”分配硬盘空间。
- 有 RHEL 订阅和 Red Hat Satellite 订阅。
注意:以下所有命令操作都在安装好的 RHEL8 上使用 root 用户执行。
解析主机名
生产环境最好使用 DNS 解析所有主机名,而本文为简化采用的是 hosts 文件解析主机名。
- 查看主机名。
$ hostname
satellite
- 在 /etc/hosts 文件中添加以下内容(可替换 IP),来解析安装主机名和长域名。
192.168.203.171 satellite.example.local satellite
设置 SELinux 和防火墙
- 必须启动 RHEL 的 SELinux,enforcing 或 permissive 均可。执行以下命令确认 SELinux 的状态:
$ getenforce
- 打开防火墙指定端口。
$ firewall-cmd \
--add-port="53/udp" --add-port="53/tcp" \
--add-port="67/udp" \
--add-port="69/udp" \
--add-port="80/tcp" --add-port="443/tcp" \
--add-port="5647/tcp" \
--add-port="8000/tcp" --add-port="9090/tcp" \
--add-port="8140/tcp"
$ firewall-cmd --runtime-to-permanent
$ firewall-cmd --list-all
安装 Satellite 环境
- 执行命令注册当前主机系统,其中 username 和 password 是用户访问 Red Hat 的账号和密码。
$ subscription-manager register --username xxx --password yyy
- 执行命令,在可用的订阅中找到包含 Red Hat Satellite 的 Pool ID,然后将其附加到 subscription-manager。
$ subscription-manager list --all --available
$ subscription-manager attach --pool=POOL-ID
- 启用 Repository。
$ subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms \
--enable=rhel-8-for-x86_64-appstream-rpms \
--enable=satellite-6.14-for-rhel-8-x86_64-rpms \
--enable=satellite-maintenance-6.14-for-rhel-8-x86_64-rpms
- 启用模块。此步如果出现错误,可参考“此文”解决。
$ dnf module enable satellite:el8
- 更新系统。
$ dnf update
- 安装并启用 chronyd 服务
$ dnf install chronyd
$ systemctl enable --now chronyd
- 安装 Satellite 所需软件包。
$ dnf install satellite
- 安装配置 Satellite 相关服务环境。
$ satellite-installer --scenario satellite \
--foreman-initial-organization "My_Organization" \
--foreman-initial-location "Beijing" \
--foreman-initial-admin-username admin \
--foreman-initial-admin-password password
2023-11-26 17:32:18 [NOTICE] [root] Loading installer configuration. This will take some time.
2023-11-26 17:32:25 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2023-11-26 17:32:25 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2023-11-26 17:40:52 [NOTICE] [configure] Starting system configuration.
2023-11-26 17:43:41 [NOTICE] [configure] 250 configuration steps out of 1606 steps complete.
2023-11-26 17:45:48 [NOTICE] [configure] 500 configuration steps out of 1607 steps complete.
2023-11-26 17:46:49 [NOTICE] [configure] 750 configuration steps out of 1609 steps complete.
2023-11-26 17:53:51 [NOTICE] [configure] 1000 configuration steps out of 1634 steps complete.
2023-11-26 17:56:23 [NOTICE] [configure] 1250 configuration steps out of 1636 steps complete.
2023-11-26 18:07:27 [NOTICE] [configure] 1500 configuration steps out of 1636 steps complete.
2023-11-26 18:14:02 [NOTICE] [configure] System configuration has finished.
Success!
* Satellite is running at https://satellite.example.local
Initial credentials are admin / password
* To install an additional Capsule on separate machine continue by running:
capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"
* Capsule is running at https://satellite.example.local:9090
The full log is at /var/log/foreman-installer/satellite.log
Package versions are being locked.
- 根据提示打开浏览器登录 Satellite 控制台 https://satellite.example.local
查看 Satellite 相关服务状态
- 执行命令查看 Satellite 相关服务状态。
$ satellite-maintain service list
Running Service List
================================================================================
List applicable services:
dynflow-sidekiq@.service indirect
foreman-proxy.service enabled
foreman.service enabled
httpd.service enabled
postgresql.service enabled
pulpcore-api.service enabled
pulpcore-content.service enabled
pulpcore-worker@.service indirect
redis.service enabled
tomcat.service enabled
All services listed [OK]
--------------------------------------------------------------------------------
- 执行 Satellite 服务健康检查。
$ satellite-maintain health check
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check number of fact names in database: [OK]
--------------------------------------------------------------------------------
Check whether all services are running: [OK]
--------------------------------------------------------------------------------
Check whether all services are running using the ping call: [OK]
--------------------------------------------------------------------------------
Check for paused tasks: [OK]
--------------------------------------------------------------------------------
Check whether system is self-registered or not: [OK]
--------------------------------------------------------------------------------
- 也可使用 hammer 命令执行 Satellite 服务健康检查。
hammer ping
database:
Status: ok
Server Response: Duration: 0ms
candlepin:
Status: ok
Server Response: Duration: 44ms
candlepin_auth:
Status: ok
Server Response: Duration: 31ms
candlepin_events:
Status: ok
message: 0 Processed, 0 Failed
Server Response: Duration: 0ms
katello_events:
Status: ok
message: 0 Processed, 0 Failed
Server Response: Duration: 0ms
pulp3:
Status: ok
Server Response: Duration: 239ms
pulp3_content:
Status: ok
Server Response: Duration: 59ms
foreman_tasks:
Status: ok
Server Response: Duration: 7ms
更新管理员密码
- 执行命令可将管理员密码设为 redhat123。
$ foreman-rake permissions:reset password=redhat123
- hammer 是 Satellite 的命令行工具。在本地执行 hammer 命令的时候会默认使用 foreman.yml 中保存用户名和密码。不过为了安全也可删除改文件中的密码,这样每次执行 hammer 命令都需要提供密码。
$ cat .hammer/cli.modules.d/foreman.yml
:foreman:
# Credentials. You'll be asked for the interactively if you leave them blank here
:username: 'admin'
:password: 'redhat123'
参考
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html-single/installing_satellite_server_in_a_connected_network_environment/index
https://role.rhu.redhat.com/rol-rhu/app/courses/rh403-6.11/pages/ch01s05
316
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
