Red Hat 블로그
There are multiple use cases for Red Hat Satellite where the Satellite server is not connected directly to the Internet (through a proxy or otherwise). It may be the case that an organization requires a very high security standard against attacks originating from the Internet. Sometimes the connection to the internet is unavailable or extremely slow and costly.
Red Hat Satellite supports the use case where a Satellite server is disconnected or hosted on a network without access to the internet. Content updates to the disconnected Satellite server require extra steps. RPMs, Ansible collections, files, etc., are defined as Content. This post will describe how to perform Content updates to the disconnected Satellite server.
This post assumes that content is not synchronized and there are no configured content views. Please refer to the official documentation on configuring and managing content in Red Hat Satellite for more information.
As well, please ensure that the Satellite server has enough storage capacity to contain the exported content. The quantity of free space required depends on the amount of data intended for export. If you export a single repo with 10GB of data, you must have at least 10GB of free space.
The process to perform Content updates to a disconnected Satellite server requires the following steps:
Create a content view containing the required content, such as desired RPM repositories.
Export the content.
Import the content after transferring it over to the disconnected Satellite server.
We will also provide information on how to perform incremental updates and "chunking" the exports to facilitate the use of portable storage media.
Create Content View
On the right-hand-side menu, mouse over "Content" and click on "Content Views".
Next, click on "Create New View".
In this example, we’ll (1) name the content view "rhel8 example" then (2) click save.
Next we’ll add two relatively small yum repositories to the content view, (1) "Red Hat Ansible Engine 2.9" and (2) "Red Hat Satellite Tools 6.10." Then click (3) "Add Repositories." Then click (4) "Publish New Version".
Finally, on the next menu, click "Save".
For more information on creating content views, see the following documentation here.
Change the Repository download policy to "Immediate"
By default, a repository synchronized with a Satellite server is configured with an "On demand" Download Policy. This means that metadata is synchronized to the Satellite server, and packages are only downloaded when clients request them. All RPM packages are downloaded and stored on the Satellite server when the Download Policy is set to "Immediate".
To export content to a disconnected Satellite server, configure the Repository Download Policy to "Immediate". If it is so desired, change the default download policy to "Immediate" by following the official documentation here.
To configure an "Immediate" download policy for a single repository, complete the following procedure.
On the menu click on (1) Content, then (2) Products.
Select the Product containing your desired repository to export. In this case, we’ll change the download policy to the "Red Hat Ansible" repo first. Click on "Red Hat Ansible Engine".
Then click on the repository. In this case, it’s "Red Hat Ansible Engine 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64".
Clicking on the "Download Policy" dropdown menu and select "Immediate" and then click "Save".
Synchronize the repository by clicking "Sync Now".
Satellite will download all the packages in the specified repository. Wait for the synchronization task to complete and then proceed to the next step.
Log in to the CLI of the Satellite server containing the content to be exported. To speed up this example, We’ll be using the
root account. In practice, you should be using
We’ll need to find out the version of our content view to export. Enter
hammer content-view version list.
We’ll export version 1.0 of this content view.
To export the content view, enter
hammer content-export complete version --id 7.
That completes the task of exporting the content.
Move Content to Disconnected Satellite Server
In the previous step, the content view
RHEL8_for_Export was exported to the directory
/var/lib/pulp/exports/Acme_Org/rhel8_example/1.0/2021-11-23T18-59-49-00-00/. All the data contained in that directory must be moved to the disconnected Satellite server (on USB sticks, portable HDs, or any other portable media).
Copy the data from the connected Satellite server into the directory
/var/lib/pulp/imports on the disconnected Satellite server.
It is important to make sure that the imported data is owned by the pulp user on the disconnected satellite server. In this example, the imported data is owned by the root user.
Enter the command chown
-R pulp:pulp (content to be imported).
Now we’ll import the data. Enter the command
hammer content-import version --organization-id=1 --path=/var/lib/pulp/imports/2021-11-23T18-59-49-00-00/.
In the WebUI on the disconnected Satellite server, we can see that the content view has been imported.
Update Content View
To demonstrate an incremental update, we’ll update the content view on the connected Satellite server by removing the "Red Hat Ansible Engine 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64" repository. Then we’ll create a new version of the content view. Then we’ll perform an incremental update of the disconnected Satellite server with the new version of the "rhel8 example" content view.
We’ll navigate to the "rhel8 example" content view.
Check the (1] "Red Hat Ansible Engine 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64" repository then click (2) "Remove Repositories".
Click on "Publish New Version".
Click on "Save"
A new version of the content view will be published.
Export Increment of the Content View
On the CLI of the Satellite server, enter the command
hammer content-view version list.
In this example, the ID of the second version of the "rhel8 example" content view is 8.
We’ll perform an incremental export of this content view with the command
hammer content-view incremental version --id 8.
If we compare the first full export with the second incremental export, there is a significant difference in size since we have removed an entire repository from the content view and there haven’t been any updates to the remaining "Red Hat Satellite Tools 6.10" repository.
Import Increment of the Content View
The command to import an incremental update to the disconnected Satellite server is the same as a full update.
On the disconnected Satellite server, we can see that version 2 of the "rhel8 example" content view contains only 10 packages and 1 errata compared to 61 packages and 27 errata in version 1.
By default, a content export contains all the content in 3 files. 2 of these account for metadata and the third contains the content. If desired, the content file can be split up into "chunks" with the following command, using the flag
--chunk-size-gb. This is useful for storing the exported content on smaller portable media.
hammer -d content-export complete version --id 12 --chunk-size-gb 1
In this example, the content is split up into 1GB chunks.
The process to import the chunked exports is the same as with un-chunked exports. See above in the section titled "Import Content". Remember to change the user and group ownership to the
Red Hat Satellite 6.10 features the ability to export content to a disconnected Satellite server with full and incremental updates. As well, the content can be easily split up into chunks to store on smaller pieces of storage media if so desired. For more information on Red Hat Satellite 6.10, check out the Red Hat Satellite overview.
For more information on synchronizing content to a disconnected Satellite server, please refer to the official Satellite documentation.
About the author
As a Senior Principal Technical Marketing Manager in the Red Hat Enterprise Linux business unit, Matthew Yee is here to help everyone understand what our products do. He joined Red Hat in 2021 and is based in Vancouver, Canada.