Using Red Hat Satellite is a great way to manage your RHEL servers and contents including updating, patching or installing software packages. A new method for remote content management was introduced with Satellite 6.2 which is called Remote Execution. (katello-agent is deprecated and you will see message like below).
Read Getting started with Red Hat Satellite remote execution.
Satellite Server or Capsule need to access the remote host to perform Remote Execution jobs and this access can be implemented using SSH key based authentication. You have different methods to distribute ssh keys to remote hosts. (You can also manually copy the public content to ~/.ssh/authorized_keys
on target system if neither methods are working).
Create ~/.ssh
directory if does not exist and copy the public key from Satellite server API as show below.
Download the SSH key from Satellite/Capsule
[[email protected] ~]# curl https://satvm.lab.local:9090/ssh/pubkey >> ~/.ssh/authorized_keys
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 411 100 411 0 0 2065 0 --:--:-- --:--:-- --:--:-- 2075
Configure permissions for the ~/.ssh directory:
# chmod 700 ~/.ssh
Configure permissions for the authorized_keys file:
# chmod 600 ~/.ssh/authorized_keys
Configure permissions for the ~/.ssh
directory and authorized_keys
file.
[[email protected] ~]# chmod 700 ~/.ssh
[[email protected] ~]# chmod 600 ~/.ssh/authorized_keys
If the API method is not working for you, then from Satellite server, use ssh-copy-id
command to copy the public key ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub
to remote content host.
# ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy [email protected]
Verify Satellite/Capsule to Remote Host access using SSH Key
Once you have deployed the ssh key to remote host, verify the password-less access from Satellite or Capsule server.
[[email protected] ~]# ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy [email protected]
Last login: Fri Nov 5 05:35:08 2021 from 192.168.1.69
[[email protected] ~]#
Goto Monitor -> Jobs -> Run Job
Apply appropriate filter to select the hostname and submit job. (You can use any commands to test like uptime
, date
or some simple commands.)
You will see details of jobs in next screen as below.
If you want to see details of job, then scroll down and select the host to find job output.
And you will see the command output as below.
Once you have implemented the Remote Execution for content hosts, you can install packages and updates from Satellite GUI without login to individual hosts.
Hosts -> Content Hosts -> Select the hosts and select Manage Packages from Action menu.
Enter the package details and select and action (Install/Update/Remove)using Remote Execution.
You will see the job details in next screen.
Verify the package installation on remote host
[[email protected] ~]# yum list installed tree
Updating Subscription Management repositories.
Installed Packages
tree.x86_64 1.7.0-15.el8 @rhel-8-for-x86_64-baseos-rpms
Follow the same steps as previous but select Manage Erratas. In the pop-up screen, select required erratas or Select ALL xx option.
Then click Install Selected -> via remote execution
Wait for the job to be completed and verify on remote host as well. You can monitor the job anytime from the Monitor -> Jobs screen.
You can see the logs without login to individual remote hosts which will be more easy compared to standard manual method of installation or upgrade.
Read Red Hat Satellite – Managing Hosts official documentation.
See all of our Red Hat Satellite guides to learn more.
Disclaimer: The views expressed and the content shared are those of the author and do not reflect the views of the author’s employer or techbeatly platform.
Gineesh Madapparambath
Gineesh Madapparambath is the founder of techbeatly and he is the author of the book - ๐๐ป๐๐ถ๐ฏ๐น๐ฒ ๐ณ๐ผ๐ฟ ๐ฅ๐ฒ๐ฎ๐น-๐๐ถ๐ณ๐ฒ ๐๐๐๐ผ๐บ๐ฎ๐๐ถ๐ผ๐ป.
He has worked as a Systems Engineer, Automation Specialist, and content author. His primary focus is on Ansible Automation, Containerisation (OpenShift & Kubernetes), and Infrastructure as Code (Terraform).
(aka Gini Gangadharan - iamgini.com)
This site uses Akismet to reduce spam. Learn how your comment data is processed.2 Responses
Leave a Reply Cancel reply
Thanks for the article.
To be able to download keys from satellite, you need to provide full FQDN of Satellite. If not you will see:
like below:
curl https://sateliite.domain.com:9090/ssh/pubkey
Yes correct.
Anything wrong in the article? please share