Have you ever found yourself in the position where you have an issue with your Satellite or, maybe you just need to do something to it and you don't want to be interrupted while doing so? I'm sure all of us have tried to rectify this by sending out emails to nicely ask people not to login or use the environment. How well did that work for you? I know it never worked well for me. Well, I'm happy to say that we now have a better solution, maintenance mode.
What is Maintenance Mode
Maintenance mode is very simple in design. Enabling maintenance mode rejects access to port 443 on the Satellite server. This means that when your use that didn't check their email tries to use Satellite, it will appear that Satellite is down.
I'm sure the next question is, how do admins get to the Satellite then? Well we will get to that in just a minute.
Using Maintenance Mode
To enable maintenance mode, we will first have to install a new package. Additionally, we have to enable a new repository to access this package. As part of the 6.3 release of Satellite, the Satellite Maintenance repository has been created. This repository contains tools and utilities that can be used to administer and maintain Satellite installations.
- Enable the Satellite Maintenance Repository:
# subscription-manager repos --enable rhel-7-server-satellite-maintenance-6-rpms
- Install foreman-maintain:
# yum install rubygem-foreman_maintain
Now that the package has been installed we can use it to enable and disable maintenance mode at will.
Enable:
# foreman-maintain advanced procedure run maintenance-mode-enable
Disable:
# foreman-maintain advanced procedure run maintenance-mode-disable
Admin Access
Now that we have ensured that no one will be able to use our Satellite, we can focus on working on it. So, how do our admins access the Satellite UI? First things first, we have to make sure all of our admins have ssh access. After we have confirmed this, we need to ensure that we have the ability to port forward over ssh. This is achieved by ensuring that AllowTCPForwarding is set to yes in /etc/ssh/sshd_config. Assuming this is all complete, we can gain access to the Satellite UI using the following process.
- Establish an ssh tunnel to the Satellite server:
# ssh -L 8443:localhost:443 jdoe@sat6.example.com
- Open a browser and navigate to https://localhost:8443.
Obviously, this example assumes that you are using a *nix workstation, but the same can be achieved using PuTTY, SecureCRT, and many other common ssh clients.
Summary
So putting this all together, we now have a way to keep our very energetic Satellite users from gaining access to our Satellite while we are trying to perform maintenance. We have established a way for admins to access our Satellite during maintenance. Finally, we have discussed the system requirements for admin access.
Now, I know that some of you are probably concerned about the fact that we have need enable AllowTCPForwarding. From my experience working in the public sector, I know this is something that is typically flagged on security baselines. So, what I have done in these environments is create a simple wrapper script that will enable this option, restart sshd, and enable maintenance mode. Of course, a similar script would need to be created to back those changes out. Using this method, TCP forwarding is only enabled during maintenance--something that is more permissible by most security teams.
Example Script:
#!/bin/bash # Enable AllowTCPForwarding sed -i 's/^AllowTCPForwarding no/AllowTCPForwarding yes/' /etc/ssh/sshd_config systemctl restart sshd # Put Satellite in maintenance mode foreman-maintain advanced procedure run maintenance-mode-enable
Connect with Red Hat Services
Learn more about Red Hat Consulting
Learn more about Red Hat Training
Learn more about Red Hat Certification
Subscribe to the Training Newsletter
Follow Red Hat Services on Twitter
Follow Red Hat Open Innovation Labs on Twitter
Like Red Hat Services on Facebook
Watch Red Hat Training videos on YouTube
Follow Red Hat Certified Professionals on LinkedIn
執筆者紹介
チャンネル別に見る
自動化
テクノロジー、チーム、環境にまたがる自動化プラットフォームの最新情報
AI (人工知能)
お客様が AI ワークロードをどこでも自由に実行することを可能にするプラットフォームについてのアップデート
クラウドサービス
マネージド・クラウドサービスのポートフォリオの詳細
セキュリティ
環境やテクノロジー全体に及ぶリスクを軽減する方法に関する最新情報
エッジコンピューティング
エッジでの運用を単純化するプラットフォームのアップデート
インフラストラクチャ
世界有数のエンタープライズ向け Linux プラットフォームの最新情報
アプリケーション
アプリケーションの最も困難な課題に対する Red Hat ソリューションの詳細
オリジナル番組
エンタープライズ向けテクノロジーのメーカーやリーダーによるストーリー
製品
ツール
試用、購入、販売
コミュニケーション
Red Hat について
エンタープライズ・オープンソース・ソリューションのプロバイダーとして世界をリードする Red Hat は、Linux、クラウド、コンテナ、Kubernetes などのテクノロジーを提供しています。Red Hat は強化されたソリューションを提供し、コアデータセンターからネットワークエッジまで、企業が複数のプラットフォームおよび環境間で容易に運用できるようにしています。
言語を選択してください
Red Hat legal and privacy links
- Red Hat について
- 採用情報
- イベント
- 各国のオフィス
- Red Hat へのお問い合わせ
- Red Hat ブログ
- ダイバーシティ、エクイティ、およびインクルージョン
- Cool Stuff Store
- Red Hat Summit