This post covers the questions and answers during the January 2020 Satellite Ask Me Anything (AMA) calls. 

For anyone not familiar, the Satellite AMAs are an "ask me anything" (AMA) style event where we invite Red Hat customers to bring all of their questions about Red Hat Satellite, drop them in the chat, and members of the Satellite product team answers as many of them live as we can during the AMA and we then follow up with a blog post detailing the questions and answers.

The ground rules of the AMA are:

  • In the interest of making everyone feel like they can truly ask any question, the Satellite AMA sessions are not recorded. 

  • The Satellite AMA is not the appropriate place to ask questions about specific support cases or specific sales issues. While we may be able to give generic feedback about certain areas we cannot use this time to troubleshoot or dig into logs. For your support cases please continue to work with Red Hat support, and for any sales issues please work with your Red Hat or Partner sales rep.

  • The AMA is presented using Blue Jeans Prime. All questions are asked via the Q&A panel which allows other attendees to vote on questions that are asked. Questions are read by an event moderator based on the popularity of the questions and answered live and in real time.

As we kicked off the Satellite AMAs we pointed out a few important items happening in the Satellite area:

Since the AMA we announced the release of the Satellite 6.7 Beta. Check out the Satellite 6.7 blog for full details of all the features offered in the latest beta.

The next Red Hat Satellite AMA is planned for March 12, 2020 at 11am EST.

Join us on the event day at:  https://primetime.bluejeans.com/a2m/live-event/effbdewt

Here are questions and answers (lightly edited for readability, grammar, spelling, etc.) from the January 15, 2020 Red Hat Satellite Ask Me Anything.

Question: We would like to see more features/integration around enterprise patching. Schedules, groups, user notification, etc. Any plans for this?

Answer: We continue to look into improvements. If you have specific examples please open a support case so we can get additional information.

Question: I've created a solution using Content Views and Lifecycle Environments, but is there a Red Hat suggested, documented, and preferred method of managing and applying Errata on a monthly basis? This would be extremely helpful for businesses that run Windows and coordinate around Patch Tuesdays.

Answer: Patching tends to be specific to the organization. There are a lot of options available, so there is no one best practice.  Satellite has a lot of capability and controls around patching.

The October 31 AMA did cover some suggestions about a recommended way to implement Content Views and Lifecycle Groups.

Question: Do you have a health check available for satellite and the capsules servers? 

Answer: If you aren’t already using Red Hat Insights, please check it out. Insights has a number of rules available to check on the health as well as performance and availability or Red Hat Satellite.

For a very basic check, you can use the `hammer ping` command - this will tell you the services that are running.  

Question: Any plans to add SAML support for Satellite? Mainly to support 2FA authentication for access to the system.

Answer: We have some keycloak and Red Hat SSO capabilities planned for Tech Preview in Satellite 6.7. Take a look at the Satellite 6.7 Beta and share any feedback about this feature.

Question: Any effort on a DR solution or HA solution for satellite forthcoming?  

Answer: The initial focus is to get Satellite to Pulp 3 to remove MongoDB then we can look into this deeper. Removing MongoDB will take Satellite to a single database which makes things like DR and HA simpler to consider.

Question: Does Satellite support RHEL 8 yet? Is there an in place OS upgrade path?

Answer: In 6.5 we added support for RHEL 8 clients. Satellite and Capsule servers still run on RHEL 7 and not RHEL 8.  RHEL 8 support will be in a future release with some migration path expected for the OS.

Question: Will Satellite include an Ansible tower in a future release?

Answer: There are no plans to include Ansible Tower with Satellite. Ansible Tower is part of the Ansible Automation Platform subscription and can automate and orchestrate RHEL as well as Windows, storage devices, network devices, and much more. 

Question: Is there documentation on how to create a report Template? 

Answer: There is a KCS on creating a Satellite 6 report template, but it is not part of the documentation set yet.

We are planning on adding a dedicated document in the future. You can also refer to the blog on Getting started with Satellite 6.5 reporting engine.

Question: Is there any sort of license for testing Satellite in a lab environment? We'd like to manage our lab environment independent of our production and disaster recovery instances without incurring more sizable licensing costs.

AnswerYes, and you should already have it. In March 2018 we made a change to Smart Management packaging so that we give you quantity 50 of Satellite infrastructure subscriptions.  This gives you the ability to deploy more Satellites in a lab or dev environment or expand your scale with more capsules or load balanced capsules. You can learn more by reading the KCS article on Satellite Infrastructure Subscriptions.

Question: How is support for provisioning to Azure coming along?

Answer: Provisioning to Azure is one of the features available as part of the Satellite 6.7 beta.  Take a look at the Satellite 6.7 Beta and share any feedback about this feature. 

Question: Are there any plans to store information about filters for a given CV version? 

Answer: Not at this time.  If there is a need please open a RFE via support and share your business case so we can look into it further.

Question:: Is there an in depth guide to maintaining an accurate inventory in Ansible Tower with Satellite 6.6?

Answer: As of Satellite 6.3 there is the ability to add Satellite as a dynamic inventory in Ansible Tower.  This is covered in several places including an Ansible.com blog on how to Use Satellite 6 as an inventory source in Ansible Tower

Question: Are there any plans to add host tagging functionality into Satellite for searching/filtering?

Answer: The best solution would be to use  host parameters or custom facts.

You can use host parameters to accomplish this by going to the Satellite UI -> Host -> All Hosts -> Select a Host -> Edit -> Parameters tab.

Question: In 6.2, all databasess are under /var/lib/, would that be the same in 6.6?

Answer: We are still using the same databases in /var/lib. So this would be the same.

Question: Any plans to split up Satellite and the databases in different hosts?

Answer: In 6.4 we introduced the functionality to run the Satellite databases on external machines.  We generally don't recommend this unless you are supporting 30K hosts or more as smaller scale environments generally won’t see any benefit from the additional management required.

Question: Can the Content Hosts and All Hosts items-per-page options be standardized? All Hosts are limited to 50 and Content Hosts are limited to 100.

Answer: We absolutely recognize some of the inconsistencies like this. As part of a larger styling initiative we are looking to have a more consistent experience across the UI in future releases.  

Update: Satellite UI -> Settings -> General -> Entries Per Page controls the number of items displayed in UI. Please create a bug if this setting is not honored on the page.

Question: What is the recommended download policy for Capsules? We've having issues with 403 errors using "on demand" and Red Hat support is telling us to switch to "immediate".

Answer: If the Satellite is set to “on demand” and the Capsule(s) are set to “on demand” then the Capsule has to go request the content from the Satellite which has to in turn request it from the CDN. This can lead to the 403 errors

Question: I heard that the MongoDB database will be going away in a future Satellite release.  What will replace it?

Answer: Currently Satellite is using two databases—MongoDB for Pulp and PostgreSQL for everything else. The Satellite team announced last year that as part of the move to Pulp 3 we will standardize on a single database which is postgresql.  

Question: Is there any documented method for management of CentOS systems within Satellite? 

Answer: We do not support the running of CentOS with Satellite.

Question: Can we update from satellite 6.5 directly to 6.6? On both the satellites and capsules

Answer: Yes - you can upgrade from 6.5 to 6.6

Question: Is there a way to store the provisioning templates and report templates inside a GIT repository or multiple GIT repositories?

Answer:  Hammer has that ability already (export-templates, import-templates) and the Satellite user interface gets these additions starting in the 6.7 beta.  Take a look at the Satellite 6.7 Beta and share any feedback about this feature.

Question: Is it ok to run kattello-backup to an NFS drive? Is kattello-backup the best way to do a backup? 

Answer:  It is fine to run katello-backup to an NFS drive, however we do not advocate running the databases themselves on NFS. Katello-backup did recently change names to foreman-maintain backup. We also support LVM snapshots as well.

Question: is there a direct link to the latest releases?

Answer:  There is a Red Hat Satellite Release Dates knowledgebase article that contains this information. You can also review the latest Satellite errata release.

Question: We are going to Azure. Can Satellite be used to provide updates to Azure VM’s that are sourced and licensed from Azure? Or does licensing have to be provided via Satellite in order for updates to occur?

Answer:  For cloud instances,  Red Hat Enterprise Linux can be acquired via the cloud access program (bring your own subscriptions) or via the pay as you go model. You can use Satellite either way, and both require subscriptions.

If you are using the pay as you go model, the best thing to do is work with your account team to add any additional "buffer" subscriptions to account for the systems in the pay as you go model.

Question: From version 6.3 to the latest and upcoming versions are there a lot changes to the hammer and API commands? 

Answer: We try to retain compatibility between versions, but there is often a little bit of change.  Jake Callahan from the Satellite QE team has a tool that can be used to track these as you upgrade for the API or the CLI.

Question: If I run an OpenSCAP report natively, I get Ansible remediation in the form of snippets/playbooks. If I run the same report through Satellite, I see the report results but no remediation. What is required to enable this feature?

Answer: We don't currently allow remediations via Satellite at this moment. The Compliance service on cloud.redhat.com does have this capability.

Question: Can an additional IP/name be added to an already configured sat6 capsule.

Answer: We can add an additional cname to an already existing satellite or capsule.  Not sure about adding an additional IP though—it would be best to contact support to get more details and see if this is possible.

Question: Can a Content View (CV) be configured with future date and patches will be updated as and when they come in?

Answer: Filter dates on CVs are applied when the CV is published. If you used a future date it wouldn't work. You'd need to update the CV and republish it which would give you versioning and fall back ability.  

Question: We are trying to switch to SCAP contents from tripwire for Compliance reports.

Any chance reports will be changed to include a report with all failures of all servers in 1 report?

Answer: This functionality isn't available in Satellite. The Compliance service on cloud.redhat.com may be able to meet this need.

Question: Will Redhat 8 OpenSCAP policies be supported soon?  

Answer: SCAP policies that we pull into Satellite are pulled from the RHEL security guide package. The RHEL team has not yet released RHEL 8 SCAP policies.

Question: Why no more System Set Manager (SSM)? The lack of this has made tasks and patching much more difficult. We have lost quick insight and the potential for fail points has increased due to that. 

Answer: Satellite 6 does have a rich set of Bulk operations available to Hosts in the UI and Hammer. The functionality is not 100% the same as the SSM but does offer the ability to modify subscriptions, repositories, install/update hosts, add/remove packages, etc.

Question: Is any work being put into improving the overall performance of Satellite 6?

Answer: Every release includes performance and scale related fixes. If there is a specific area where you are having performance concerns we recommend opening a support case.

Question: I have Red Hat Virtualization (RHV) virtual machines (VM) which reside on hosts that have Smart Virtualization subscription attached to them. Instead of subscribing as a VM of the host subscribed to Smart Virtualization, the VM just picks up ANY available subscription—why does this behavior happen?

Answer: When registering a system to Satellite you are often using an activation key.  Subscriptions often require additional information to identify the subscription that should be consumed.  When the guest is not yet known we give a temp sub to provide RHEL. On the next run of virt-who we know where the guest lives in the topology and should switch from the temp sub to the permanent one. Feel free to open a support case if more guidance is needed.

Question: What is your opinion on using Satellite with SALT?  Pros and Cons?

Also, can you refer me to online resources or more documentation and best practices.

Answer: We don't currently have any built in support for SALT, and as such no documentation.

Question: Are there any known issues with Satellite giving 404 errors when fetching RPM’s for “yum update” or “yum install “ intermittently? We’re on version 6.6.1, but have seen this behavior on previous versions as well. Rerunning the update or install will eventually successfully fetch the updates. 

Answer: There shouldn't be any issues around this. It could be a network issue (proxy DNS etc.). Please open a support case if this continues.

Question: Does satellite reporting engine allow filtering of the RHEL hosts across multiple clouds and categorize them?

Answer: The reporting engine gives a search query box that can be used to filter the report.  You can filter on any facts like the bios vendor. This is the same search syntax as the other reports in Satellite.  You can also look at how you group and categorize your hosts which might make this search easier.

Question: Why does it take more than two hours for the capsule to receive packages from CVs which are published—the capsule/Satellite servers have enough memory/CPU etc.

Answer: If you are not on Satellite 6.6 then you should upgrade. There are specific performance fixes we added into the latest version of 6.5 as well as 6.6 that improve the performance of capsule syncing.

This also depends on the amount of content being synced, your network bandwidth, location of Satellite/Capsules, etc. If you continue to have issues please open a support case.

Question: Will Satellite continue to support disconnected Satellite installs for closed networks?

Answer: Yes.

Question: Is there any way of downloading RPMs from Satellite 6 similar to the way this can be done in Satellite 5?

Answer: The best way would be to use the hammer context export function that allows you to export the content elsewhere and self-host it.  

Question: Is there a feature like the Satellite 5 "spacewalk-report" CLI utility in Satellite 6?

Answer: Satellite 6 has two major reporting capabilities.  The first is the reporting engine which was introduced in Satellite 6.5. This would be the closest thing to spacewalk-report that exists in Satellite 6. We also added some additional functionality like scheduling and emailing the reports.

The other way is the native hammer command which can be formatted in JSON, CSV, or YAML.

Question: When installing and running Satellite on a VMware VM are there resource minimums the VM should have?  For example, number of CPU cores, memory, etc.

Answer: That information is covered in the Red Hat Satellite Tuning Guide.

Question: I would like to use Insights but I am concerned about the security. The data includes hostnames, IPs, vulnerabilities but is only protected by single-factor authentication. Is there an option to keep all Insights data local?

Answer: There is no option to keep Insights data local, however you have full control over the data that is sent and you can easily obfuscate hostnames and IP addresses.

For more information review the KB article on System Information Collected by Red Hat Insights as well as Obfuscating IP Addresses and Host Names in Red Hat Insights.

Join us for the next AMAs

The next Red Hat Satellite AMA is planned for March 12, 2020 at 11am EST.

Join us on the event day at: https://primetime.bluejeans.com/a2m/live-event/effbdewt

Please join us and bring any questions about Satellite that you might have. We look forward to hearing from you!