KEMBAR78
Satellite Remote Execution | PDF | Secure Shell | Software
Scribd
Upload
585 views20 pages

Satellite Remote Execution

Remote Execution provides the ability to run commands on client systems from Satellite Server. Katello agent was previously used but is now deprecated. Remote Execution Pull mode allows clients to securely pull jobs from Satellite and run them, even when offline. Satellite 6.13 enhances pull mode with offline client support, ability to run jobs as a different user, and UI improvements.

Uploaded by

Mostafa Hamouda
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
585 views20 pages

Satellite Remote Execution

Remote Execution provides the ability to run commands on client systems from Satellite Server. Katello agent was previously used but is now deprecated. Remote Execution Pull mode allows clients to securely pull jobs from Satellite and run them, even when offline. Satellite 6.13 enhances pull mode with offline client support, ability to run jobs as a different user, and UI improvements.

Uploaded by

Mostafa Hamouda
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

Red Hat Satellite

Remote Execution

Moustafa Harbi
Senior Technical Account Manager

1
katello-agent • katello-agent was deprecated
in version 6.7
• katello-agent was used for
remote package actions

Deprecation • katello-agent will be removed


from Satellite in 6.15
• Remote Execution Pull
mode has been available

Reminder •
since Satellite 6.12.
Remote Execution in SSH
mode has been available
since before Satellite 6.3.

2
Red Hat Satellite

Remote Execution
(REX) Push Mode
Push remote jobs from the

Satellite server for execution on

hosts through SSH.

3
Remote execution: Use cases

▸ Satellite 6.2 allows to run arbitrary commands on clients using SSH


▸ Capsule used to talk with registered clients
▸ Built-in templates
・ Launch arbitrary commands on client/host collection
・ Content management
・ Install/update/delete package/package group
・ Install Errata
・ Set up services
・ Start Puppet agent (deprecated)
4 ・ Shut down/restart client/host collection
Remote execution: settings

• Remote Execution is enabled by default during installation


• By default, remote execution uses root user account on targets
• remote_execution_ssh_user
• SSH public keys can be deployed using kickstart
• <%= snippet 'remote_execution_ssh_keys' %>
• Deploy ssh public key for already registered clients
○ # ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub
<root@client.example.com>
○ # curl -k https://satellite.example.com:9090/ssh/pubkey >>
~/.ssh/authorized_keys
5
Remote execution:
Remote Execution settings in Satellite GUI

6
Administer → Settings → Remote Execution
Remote execution
Running Jobs [1/4]

7 Organization Context → Hosts → All Hosts → Select Hosts →


Select Action → Run Job
Remote execution
Running Jobs [2/4]

8
Organization Context → Hosts → All Hosts → Select
Hosts → Select Action → Run Job
Remote execution
Running Jobs [3/4]

9
Remote execution
Running Jobs [4/4]

10

Job Task → Sub tasks


What’s new in Red Hat Satellite 6.13

Remote
Execution
Enhancing Remote Execution

functionality to simplify host

management

Improvements

11
Remote Execution in 6.11
Install/Remove/Update operations for software

▸ In Satellite 6.11 the recommended Remote Execution method is a push process.

▸ Package update/install/remove operations were run as push operations with REX push.

▸ Katello agent provided pull functionality for update/install/remove operations.

▸ Katello agent is deprecated.

12
Remote Execution in 6.12
Pull Mode

▸ In Satellite 6.12 provides an option Remote Execution (REX) Pull.


▸ Clients (hosts) are notified by Satellite infrastructure that there is a
new job to run.
▸ Clients authenticate and securely pull the job and run it.
▸ There is virtually no difference in execution of REX Pull jobs
compared to REX Push

13
Remote Execution in 6.13
Improvements

➔ Pull Mode Offline client/host support


◆ If a client or host is offline at the time that a REX job pull mode is
created, the job will be queued to be resent until it is picked up or time
limit is reached
◆ Default time limit is one day.
◆ Default resend time interval is 15 minutes.

➔ Pull Mode Effective user support


◆ “runas” a different user

➔ UI improvements
◆ New guided process for creating jobs
14
◆ Updated dashboard
Enabling Pull Mode

• On the Satellite server, enable pull-based transport.


• # satellite-installer --foreman-proxy-plugin-remote-execution-script-mode pull-mqtt

• Open port 1883 to allow MQTT through the firewall.


• # firewall-cmd --add-port="1883/tcp"

• # firewall-cmd --runtime-to-permanent

15
Enabling Pull Mode
In Satellite, click on “Administer” à “Settings”.

16
Enabling Pull Mode
Click on the “Content” tab.

17
Enabling Pull Mode
Finally, set the attribute “Prefer registered through Capsule for remote execution” to Yes. (Only If you’ve capsules)

18
Enabling Pull Mode
• Install the katello-pull-transport-migrate package on your host.
• On RHEL 8/9 hosts:
• # dnf install katello-pull-transport-migrate

• On Red Hat Enterprise Linux 7 hosts:


• # yum install katello-pull-transport-migrate

• verify that the pull client is running and configured properly


• # systemctl status yggdrasild

19
Remote Execution Pull Mode Improvements

Remote Execution UI
Improvements

20

You might also like