Adobe Brand Red Hat Brand Fire Eye Brand Symantec Brand
Mar 14 2018

Using Satellite 6 with Amazon Web Services

At one point or another the topic of cloud comes up and the largest player today is Amazon Web Services (AWS). For those who have Satellite 6, a common question is "Can I leverage my investment in Satellite with AWS?" and the answer is YES.

There are many ways to use Satellite with AWS, but for those who already have a Satellite server configured on-premise, the recommended use case would be to install a Satellite Capsule in AWS. Using a capsule in AWS allows you to leverage the investment and automation built into your on-premises Satellite system and begin to deploy systems right away into AWS with no code changes required! Using Satellite and Capsules in the cloud, you can truly write once and deploy anywhere to take full advantage of a hybrid on-premise and public cloud architecture.

Step 1: Create an Amazon Machine Image

The first step would be to create the Amazon Machine Image (AMI) that will be used to build your AWS capsule. While you can choose a pre-built AMI from AWS, we recommend creating an image on-premises that can be imported into AWS. This method provides you with complete control of the image contents.

Step 2: Prepare VM before importing into AWS

Once you have the new Virtual Machine (VM) built, you should prepare it before you import it into AWS. Once you have the VM ready you upload it to an existing or new S3 bucket. I have provided some helpful links for addressing this from a Linux admin system below:


Step 3:  Configure an AWS compute resource in Satellite 6

Create the EC2 compute resource you need for AWS in Satellite 6 server.  The Satellite 6 server compute resource will need admin level rights to work correctly, but does not require billing or user creation rights to do so.  When you create this compute resource you will see that a new set of keys gets created and added to AWS. The one thing to be careful of if you are using your own image and NOT using cloud-init is that the public key for the keypair created by Satellite when you setup the EC2 compute resource gets put into /root/.ssh/authorized_keys file.  First refer to this link to get the private key then run

ssh-keygen -y -f {path/private_key_file}

where you provide the path and file name of the key from the Red Hat link and you will get the public key that needs to be added to /root/.ssh/authorized_keys file in your custom image.  This will allow foreman to ssh into a new instance and run a finish script.


Step 4: Install and register AWS Capsule to Satellite 6 Capsule

Next create a new RHEL7 instance and register it to your Satellite 6 server.  Once you register the new RHEL instance for the AWS capsule to your on-premises Satellite 6 server, you can follow the capsule install instructions to install and register the AWS capsule to your Satellite 6 server.


Step 5: Sync the needed content to the new AWS capsule server

Once the capsule is built, then sync the content you want to use in AWS to the capsule the same way you sync any other content to any Satellite 6 Capsule. In Satellite/Capsule 6.2.13 you can choose what content to sync just by editing the capsule then choosing the Lifecycle Environments to sync in the Lifecycle Environments tab which is the same for any capsule regardless of where it is (AWS, on premises, etc.).  To save time and data transfer costs, you only sync the content you need to use in AWS to the AWS capsule.  Data is transferred to and stored in the AWS capsule server only once and every time it is needed to create, update, or change an instance in AWS the content is all local—coming from the AWS capsule in that Availability Zone.


Step 6: Deploy Hiera data for puppet to the new AWS capsule

One last step if you use puppet and hiera is to copy over your hiera.yaml and hieradata structure to your new capsule and keep the content in sync.  There are many ways to deploy hiera and a hieradata structure and how you do that will determine what ways work well to keep the hiera data in sync between your Satellite 6 server and capsules.   If you need help just let us know and we can show you how to use GIT for your hiera data.

NOTE: If you are going to use cloud-init in your image

One other point to note is that AWS and Satellite can use cloud-init and user scripts to finish provisioning on newly created instances in AWS, which works well.  If you want to use this method you need to install the cloud-init packages and update the /etc/cloud/cloud.cfg configuration file. By default cloud.cfg is set to NOT permit any ssh in as root and NOT allow ssh using passwords.  If you would rather let your ssh configuration handle this and not cloud-init then you need to change these two lines:

disable_root: 1

ssh_pwauth: 0

to this:

disable_root: 0

ssh_pwauth: 1


Congratulations!  You are ready to use Amazon Web Services with Satellite 6

With a capsule deployed in AWS, you will now be able to manage your AWS and on-premises environments through a single Satellite install base and leverage your Satellite 6 and puppet investment seamlessly across your entire enterprise.  Talk to an Emergent sales representative today to see how we can help you realize a true hybrid cloud environment!