Red Hat Satellite - Account Setup

Overview

To improve security and stability of an environment, an account with minimal privileges should be used to integrate vRealize Automation with other systems.


This article will provide you with the minimum permissions required for the SovLabs module to operate with Red Hat Satellite. 

Considerations

  • You have licensed the Red Hat Satellite SovLabs module
  • Created 2 accounts
    • To register against Red Hat Satellite (Local or AD Integrated. This will be added to a custom role in Red Hat Satellite)
    • To install packages on the host (Usually root account or an account that has YUM access without SUDO)


Procedure

Create a role and assign permissions

This section covers the permissions required for Red Hat Satellite and the registration and management process. 

  1. Create a role
    1. Create a Role ie; SovLabs_VRA
    2. Edit the role and assign the following from the table below
ResourcePermissionsUnlimitedOverrideSearch
Activation Keysview_activation_keys

N/A
Content Views

view_content_views
create_content_views
edit_content_views
destroy_content_views



N/A
GPG Keysview_gpg_keys

N/A
Hostview_hosts
create_hosts
edit_hosts
destroy_hosts


N/A
Host Collectionsview_host_collections

N/A
Lifecycle Environmentview_lifecycle_environments

N/A
Organizationview_organizations

N/A
Product and Repositoriesview_products

N/A
Subscriptionview_subscriptions
attach_subscriptions
CHECK
N/A


NOTE:  In older versions of Red Hat Satellite, you may have the option of Content Host.  If this is the case, the below permissions will be changed


ResourcePermissionsUnlimitedOverrideSearch
Hostview_hosts


Content Hostview_content_hosts
create_content_hosts
edit_content_hosts
destroy_content_hosts



Add account to your custom role

  1. If required, create a local account in Red Hat Satellite, Else, Add an existing account to the role you created


Configure an account that can do the YUM install

  1. An account that has access to the Node being deployed
  2. Must be able to run YUM without the requirement of SUDO
  3. This is usually the ROOT account

Additional information

Red Hat Satellite least permissions article (Registered RH Users) : https://access.redhat.com/solutions/1570203
SovLabs Red Hat Satellite module : http://docs.sovlabs.com/latest/vRA/7.6/modules/configuration-mgmt/red-hat-satellite/

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.