How to provision systems with On premise Satellite to AWS with Capsule using Cloud-Init

Solution Verified - Updated

Environment

  • Satellite 6
  • AWS Based Capsule
  • AWS Cloud

Issue

  • Documentation is not very clear about how to properly set up provisioning in AWS using Cloud-Init.

Resolution

Environment Setup

  1. Create a new instance in AWS that covers at least the minimum requirements for a Capsule

  2. Set up a VPN or Site-to-Site connection between the AWS instance and the Satellite Server; make sure the VPN connection works and is stable

  3. Install Capsule in AWS

  4. If there is no DNS resolution between Satellite and AWS, add the Capsule entry to /etc/hosts

    [root@satellite6 ~]# cat /etc/hosts 
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.10.10.8 satellite6.sysmgmgmt.lan
    10.10.10.18 capsule1.sysmgmgmt.lan
    10.45.200.150 ip-172-31-10-30.eu-north-1.compute.internal   <-- AWS Capsule
    
  5. Add AWS environment as Compute Resource

Image Setup

To provision with Cloud-Init, an image with the Cloud-Init packages installed and the service running is needed. An S3 Bucket and the VMimport Role must also be set up in the AWS environment before attempting to create an image for AWS provisioning.

  • Creating Image using Red Hat tools

      1. Install RHEL with Cockpit and Image-Builder
      2. Follow the steps
       Create Blueprint -> Create Image -> type AWS -> Click Next -> At packages tab type Cloud-Init
      
      3. If possible, choose upload to AWS; if not, download the image and upload it to the desired S3 Bucket manually.
      4. Create image on AWS from S3 Bucket in EC2 image builder
        • 4.1. Import Image
        • 4.2. Fill in name and fill out the required fields.
        • 4.3. Select Red Hat Enterprise Linux as Base OS
        • 4.4. Specify path to S3 Bucket, or Click Browse and navigate to my_image.raw
        • 4.5. Choose VMimport as IAM Role; if the VMimport role is not present, create it as described in the VMimport Role documentation
        • 4.6. It is possible to define, if needed, BYOL as license management in Advanced Settings -> License Management
        • 4.7. To get AMI of image click on image version
      5. Create an image in the AWS compute resource in Satellite using the AMI of the uploaded image.
        Please note: If no other user is specified on image creation, Satellite will attempt to use root, which leads to the host being stuck in build mode, since AWS does not allow root login. In that case, use ec2-user in the username field.
  • Creating Image from AWS provided Golden Image

      1. Create a RHEL instance in AWS with the desired specs
      2. Choose Foreman as key-pair
      3. Download Foreman key

         Sat WebUi -> Infrastructure -> Compute Resources -> AWS Compute Resource -> SSH keys -> Foreman SSH key -> Download
        
      4. Connect via SSH to the machine

         # ssh -i "foreman-342b68ae8-d952-4d41-8fc9-c52bcf421525.pem" ec2-user@ec2-13-48-127-122.eu-north-1.compute.amazonaws.com
        
      5. Install Cloud-Init and enable the service; optionally perform other package installations and system
        configurations

         # yum install cloud-init
         # systemctl start cloud-init.service
         # systemctl enable cloud-init.service
        
      6. Remove Amazon RHUI and enable repository management by subscription-manager

         # yum -y remove rh-amazon-rhui-client*
         # rm -rf /etc/yum.repos.d/*
         # subscription-manager config --rhsm.manage_repos=1
        
      7. Go to AWS, then select
       EC2 -> Instances -> Click on Created RHEL Instance -> Actions Drop down menu -> Image and Templates -> Create Image 
      

      After this selection, the following output is shown:

       Currently creating AMI ami-01481ef7999ffc7bc from instance i0635de7818d491809.
      

      Check that the AMI status is Available before deleting the instance or carrying out other actions related to this AMI. This is the AMI to be used when creating the image entry in Satellite.

      8. Create an image in the AWS compute resource in Satellite using the AMI of the created image.
        Please note: If no other user is specified on image creation, Satellite will attempt to use root, which leads to the host being stuck in build mode, since AWS does not allow root login. In that case, use ec2-user in the username field.
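
A check that can be run on the instance after steps 5 and 6 and before "Create Image", added here as an example and not part of the original article. The function names are hypothetical; it assumes systemd records the enabled cloud-init.service as a symlink under a `*.wants` directory and that `redhat.repo` is the only repo file subscription-manager writes.

```bash
# Added example: audit the image preparation steps before "Create Image".
# ROOT is a path prefix ("" for the live system); PKGS is saved `rpm -qa` output.
# cloud-init installed and the RHUI client removed, judged from the package list.
check_packages() {
    local pkgs="$1"
    grep -q '^cloud-init-[0-9]' "$pkgs" || { echo "FAIL: cloud-init not installed"; return 1; }
    if grep -q '^rh-amazon-rhui-client' "$pkgs"; then
        echo "FAIL: rh-amazon-rhui-client still installed"; return 1
    fi
}

# cloud-init.service enabled: systemd keeps a symlink under some *.wants directory.
check_cloud_init_enabled() {
    local root="$1" link
    for link in "$root"/etc/systemd/system/*.wants/cloud-init.service; do
        [ -L "$link" ] && return 0
    done
    echo "FAIL: cloud-init.service not enabled"; return 1
}

# Only redhat.repo (managed by subscription-manager) may remain in yum.repos.d.
check_repo_files() {
    local root="$1" f rc=0
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -e "$f" ] || continue
        [ "$(basename "$f")" = "redhat.repo" ] && continue
        echo "FAIL: leftover repo file $f"; rc=1
    done
    return "$rc"
}

# manage_repos must be 1 in the [rhsm] section of rhsm.conf.
check_manage_repos() {
    local conf="$1/etc/rhsm/rhsm.conf"
    awk -F= '/^\[/ { sect = $1 }
             sect == "[rhsm]" && $1 ~ /^[ \t]*manage_repos[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { exit (v == "1" ? 0 : 1) }' "$conf" 2>/dev/null \
        || { echo "FAIL: rhsm.manage_repos is not 1"; return 1; }
}

# Run every check; the return value is the number of failed checks.
audit_image() {
    local root="$1" pkgs="$2" fails=0
    check_packages "$pkgs"           || fails=$((fails + 1))
    check_cloud_init_enabled "$root" || fails=$((fails + 1))
    check_repo_files "$root"         || fails=$((fails + 1))
    check_manage_repos "$root"       || fails=$((fails + 1))
    return "$fails"
}
```

On the instance, save the package list with `rpm -qa > /tmp/pkgs.txt` and call `audit_image "" /tmp/pkgs.txt`; an exit status of 0 means all four checks passed.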

Satellite Setup
Cloud-Init depends on the Subnet specified in Satellite. Even though such a Subnet is not technically needed when provisioning on AWS from Satellite 6, it must be specified if execution of Cloud-Init over the Capsule in AWS is required.

  • Setting up Subnet for use with AWS

      1. Go to AWS, then select

         VPC -> VPCs -> click on VPC -> see IPv4 CIDR
        
      2. Go to Satellite Web GUI, then select

         Infrastructure -> Subnets -> Create Subnet
        
      3. Fill out the required fields as follows

         NAME      = aws_subnet
         PROTOCOL  = ipv4
         IPAM      = None
        
        • 3.1. Set Network Address, Network Prefix *, Network Mask * to match the IPv4 CIDR shown in AWS, as navigated above.
  • Create Compute Profiles that match the desired server size

      1. Go to Satellite Web GUI, then select
       Infrastructure -> Compute Profiles -> Create Compute Profile -> AWS Compute Resource 
      
      2. Flavour is the most important part, for example t3.small
      3. Select Image
      4. Select Availability Zone
      5. Subnet (EC2)
      6. Choose security groups

Provisioning to AWS
Provisioning to AWS should be possible as described in the documentation.

For more KB articles/solutions related to Red Hat Satellite 6.x Provisioning Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x Provisioning related Issues

Root Cause


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.