diff --git a/guides/common/attributes-base.adoc b/guides/common/attributes-base.adoc index ef4750a95f7..87cd72c394b 100644 --- a/guides/common/attributes-base.adoc +++ b/guides/common/attributes-base.adoc @@ -201,6 +201,7 @@ :client-salt-minion-repository-url: https://packages.broadcom.com/artifactory/saltproject-rpm/ // Foreman Server and Smart Proxy Server :project-minimum-memory: 4 GB +:smart-proxy-minimum-memory: 4 GB // Satellite uses satellite-maintain to wrap all package manager actions // but you need to install satellite-maintain (and other tooling) before it's // available. There are also other cases where it's not available (yet). diff --git a/guides/common/attributes-katello.adoc b/guides/common/attributes-katello.adoc index 437bfea9ab2..427c534df4c 100644 --- a/guides/common/attributes-katello.adoc +++ b/guides/common/attributes-katello.adoc @@ -6,5 +6,6 @@ :installer-scenario: foreman-installer --scenario katello :project-installer-package: foreman-installer-katello :project-minimum-memory: 20 GB +:smart-proxy-minimum-memory: 12 GB :smartproxy_port: 9090 :smartproxy-installer-package: foreman-proxy-content diff --git a/guides/common/attributes-orcharhino.adoc b/guides/common/attributes-orcharhino.adoc index 05fa0dc0b89..194ff330233 100644 --- a/guides/common/attributes-orcharhino.adoc +++ b/guides/common/attributes-orcharhino.adoc @@ -42,6 +42,7 @@ :project-minimum-memory: 20 GB :smart-proxy-context: orcharhino-proxy :smart-proxy-context-titlecase: orcharhino_Proxy +:smart-proxy-minimum-memory: 12 GB :smart-proxy-principal: orcharhinoproxy :smartproxy-example-com: orcharhino-proxy.example.com :smartproxy_port: 9090 diff --git a/guides/common/attributes-satellite.adoc b/guides/common/attributes-satellite.adoc index de8fdbd7071..d5de7d2db35 100644 --- a/guides/common/attributes-satellite.adoc +++ b/guides/common/attributes-satellite.adoc @@ -124,6 +124,7 @@ :provision-script: kickstart :smart-proxy-context: capsule :smart-proxy-context-titlecase: Capsule +:smart-proxy-minimum-memory: 12 GB :smart-proxy-principal: {smart-proxy-context} :SmartProxies: Capsules :smartproxy_port: 9090 diff --git a/guides/common/modules/con_supported-usage-of-project-components.adoc b/guides/common/modules/con_supported-usage-of-project-components.adoc index 9565d7fbb8d..0a3c34cf95c 100644 --- a/guides/common/modules/con_supported-usage-of-project-components.adoc +++ b/guides/common/modules/con_supported-usage-of-project-components.adoc @@ -13,11 +13,6 @@ Reserve this instance solely for the purpose of running {ProjectName}. Not supported: Using the operating system included with {Project} to run other daemons, applications, or services within your environment. endif::[] -SELinux:: -Ensure SELinux is in enforcing or permissive mode. -+ -Not supported: Installation with disabled SELinux. - Foreman:: You can extend Foreman with plugins packaged with {ProjectName}. ifdef::satellite[] diff --git a/guides/common/modules/ref_supported-operating-systems.adoc b/guides/common/modules/ref_supported-operating-systems.adoc index 86be2838ce3..4a86cc3e10e 100644 --- a/guides/common/modules/ref_supported-operating-systems.adoc +++ b/guides/common/modules/ref_supported-operating-systems.adoc @@ -26,7 +26,6 @@ ifdef::foreman-deb[] endif::[] |==== -{Team} advises against using an existing system because the {Project} installer will affect the configuration of several components. ifdef::satellite[] Red{nbsp}Hat {ProductName} requires a {RHEL} installation with the `@Base` package group with no other package-set modifications, and without third-party configurations or software not directly necessary for the direct operation of the server. This restriction includes hardening and other non-Red{nbsp}Hat security software. @@ -35,6 +34,4 @@ If you require such software in your infrastructure, install and verify a comple ifeval::["{context}" == "{smart-proxy-context}"] Do not register {SmartProxyServer} to the Red{nbsp}Hat Content Delivery Network (CDN). endif::[] - -Red{nbsp}Hat does not support using the system for anything other than running {ProductName}. endif::[] diff --git a/guides/common/modules/ref_system-requirements.adoc b/guides/common/modules/ref_system-requirements.adoc index 01512878a58..e7dc497a2c9 100644 --- a/guides/common/modules/ref_system-requirements.adoc +++ b/guides/common/modules/ref_system-requirements.adoc @@ -3,116 +3,90 @@ [id="system-requirements_{context}"] = System requirements -The following requirements apply to the networked base operating system: +ifdef::satellite[] +{ProductName} is fully supported on both physical systems and virtual machines that run on hypervisors that are supported to run {RHEL}. +For more information about certified hypervisors, see https://access.redhat.com/articles/certified-hypervisors[Certified Guest Operating Systems in Red Hat OpenStack Platform, Red Hat Virtualization, Red Hat OpenShift Virtualization and Red Hat Enterprise Linux with KVM]. -* x86_64 architecture -ifndef::foreman-deb[] -* The latest version of {EL} 9 endif::[] -* 4-core 2.0 GHz CPU at a minimum +Follow these system requirements when installing {ProductName}: + +* Install {ProductName} on a freshly provisioned system that serves no other function except to run {ProductName}. +Do not use an existing system because the {Project} installer will affect the configuration of several components. +* Ensure you have administrative user (root) access to the system. +* Ensure the system meets the following requirements: +** 4 CPU cores ifeval::["{context}" == "{project-context}"] -* A minimum of {project-minimum-memory} RAM is required for {ProjectServer} to function. -ifdef::katello,satellite[] -In addition, a minimum of 4 GB RAM of swap space is also recommended. +** {project-minimum-memory} RAM or higher +endif::[] +ifeval::["{context}" == "{smart-proxy-context}"] +** {smart-proxy-minimum-memory} or higher endif::[] -{Project} running with less RAM than the minimum value might not operate correctly. +ifdef::katello,satellite[] +** 4 GB RAM of swap space or higher endif::[] -ifeval::["{context}" == "{smart-proxy-context}"] -* A minimum of 12 GB RAM is required for {SmartProxyServer} to function. -In addition, a minimum of 4 GB RAM of swap space is also recommended. -{SmartProxy} running with less RAM than the minimum value might not operate correctly. +** A unique host name, which can contain lower-case letters, numbers, dots (.) and hyphens (-) + +* If you use custom certificates, ensure that the Common Name (CN) of the custom certificate is a fully qualified domain name (FQDN). +{ProjectServer} and {SmartProxyServer} do not support shortnames in the hostnames. + +ifdef::foreman-el,katello,satellite[] +* Ensure SELinux is enabled, either in enforcing or permissive mode. +Installation with disabled SELinux is not supported. +For more information, see {PlanningDocURL}security-considerations[Security considerations] in _{PlanningDocTitle}_. endif::[] -ifdef::katello,orcharhino,satellite[] -* A unique host name, which can contain lower-case letters, numbers, dots (.) and hyphens (-) +* Ensure the system clock on the system is synchronized across the network. +If the system clock is not synchronized, SSL certificate verification might fail. +ifdef::satellite[] +For example, you can use the Chrony suite for timekeeping. +For more information, see {RHELDocsBaseURL}9/html/configuring_basic_system_settings/configuring-time-synchronization_configuring-basic-system-settings[Configuring time synchronization] in _{RHEL}{nbsp}9 Configuring basic system settings_ endif::[] ifdef::satellite[] -* A current {ProjectName} subscription +ifeval::["{context}" == "{project-context}"] +* If you are installing in an environment with air-gapped {ProjectServer}s, ensure that all your {ProjectServer}s are on the same {Project} version for ISS Export Sync to work. +ISS Network Sync works across all {Project} versions that support it. +For more information, see {ContentManagementDocURL}Synchronizing_Content_Between_Servers_content-management[Synchronizing Content Between {Project} Servers] in _{ContentManagementDocTitle}_. +endif::[] endif::[] -* Administrative user (root) access -* Full forward and reverse DNS resolution using a fully-qualified domain name -{Project} only supports `UTF-8` encoding. +* Ensure the system uses the `UTF-8` encoding. If your territory is USA and your language is English, set `en_US.utf-8` as the system-wide locale settings. ifndef::foreman-deb[] For more information about configuring system locale in {EL}, see {RHELDocsBaseURL}9/html/configuring_basic_system_settings/assembly_changing-basic-environment-settings_configuring-basic-system-settings#proc_configuring-the-system-locale_assembly_changing-basic-environment-settings[Configuring the system locale] in _{RHEL}{nbsp}9 Configuring basic system settings_. endif::[] -ifdef::satellite[] -Your {Project} must have the {SatelliteSub} manifest in your Customer Portal. -{Project} must have {project-context}-{smart-proxy-context}-6.x repository enabled and synced. -To create, manage, and export a Red{nbsp}Hat Subscription Manifest in the Customer Portal, see {RHDocsBaseURL}subscription_central/1-latest/html/creating_and_managing_manifests_for_a_connected_satellite_server/index[Creating and managing manifests for a connected {ProjectServer}] in _Subscription Central_. -endif::[] - -{ProjectServer} and {SmartProxyServer} do not support shortnames in the hostnames. -When using custom certificates, the Common Name (CN) of the custom certificate must be a fully qualified domain name (FQDN) instead of a shortname. -This does not apply to the clients of a {Project}. - -Before you install {ProductName}, ensure that your environment meets the requirements for installation. -ifeval::["{context}" == "{smart-proxy-context}"] -[WARNING] -==== -The version of {SmartProxy} must match with the version of {Project} installed. -It should not be different. -For example, the {SmartProxy} version {ProjectVersion} cannot be registered with the {Project} version {ProjectVersionPrevious}. -==== -endif::[] - -{ProductName} must be installed on a freshly provisioned system that serves no other function except to run {ProductName}. -The freshly provisioned system must not have the following users provided by external identity providers to avoid conflicts with the local users that {ProductName} creates: - -* {apache-user} +* If you use an external identity provider in your deployment, ensure the provider did not create the following user accounts on the system. +These user accounts can cause conflicts with the local users that {ProductName} creates: +** {apache-user} ifeval::["{context}" == "{project-context}"] -* foreman +** foreman endif::[] -* foreman-proxy -* postgres +** foreman-proxy +** postgres ifdef::katello,satellite,orcharhino[] -* pulp +** pulp endif::[] -* puppet -* redis +** puppet +** redis ifdef::katello,satellite,orcharhino[] ifeval::["{context}" == "{project-context}"] -* tomcat +** tomcat endif::[] endif::[] -ifdef::satellite[] ifeval::["{context}" == "{smart-proxy-context}"] -For more information on scaling your {SmartProxyServers}, see {InstallingSmartProxyDocURL}{smart-proxy-context}-server-scalability-considerations_{smart-proxy-context}[{SmartProxyServer} scalability considerations]. -endif::[] -endif::[] - -ifdef::satellite[] -.Certified hypervisors -{ProductName} is fully supported on both physical systems and virtual machines that run on hypervisors that are supported to run {RHEL}. -For more information about certified hypervisors, see https://access.redhat.com/articles/973163[Certified Guest Operating Systems in Red Hat OpenStack Platform, Red Hat Virtualization, Red Hat OpenShift Virtualization and Red Hat Enterprise Linux with KVM]. -endif::[] - -ifdef::foreman-el,katello,satellite[] -.SELinux mode -SELinux must be enabled, either in enforcing or permissive mode. -Installation with disabled SELinux is not supported. -For more information, see {PlanningDocURL}security-considerations[Security considerations] in _{PlanningDocTitle}_. -endif::[] - -.Synchronized system clock -The system clock on the base operating system where you are installing your {ProductName} must be synchronized across the network. -If the system clock is not synchronized, SSL certificate verification might fail. -ifdef::satellite[] -For example, you can use the Chrony suite for timekeeping. -For more information, see {RHELDocsBaseURL}9/html/configuring_basic_system_settings/configuring-time-synchronization_configuring-basic-system-settings[Configuring time synchronization] in _{RHEL}{nbsp}9 Configuring basic system settings_ +[WARNING] +==== +The version of {SmartProxy} must match the version of {Project} installed. +For example, the {SmartProxy} version {ProjectVersion} cannot be registered with the {Project} version {ProjectVersionPrevious}. +==== endif::[] ifdef::satellite[] -ifeval::["{context}" == "{project-context}"] -.{ISS} (ISS) -In a scenario with air-gapped {ProjectServer}s, all your {ProjectServer}s must be on the same {Project} version for ISS Export Sync to work. -ISS Network Sync works across all {Project} versions that support it. -For more information, see {ContentManagementDocURL}Synchronizing_Content_Between_Servers_content-management[Synchronizing Content Between {Project} Servers] in _{ContentManagementDocTitle}_. +ifeval::["{context}" == "{smart-proxy-context}"] +For more information on scaling your {SmartProxyServers}, see {InstallingSmartProxyDocURL}{smart-proxy-context}-server-scalability-considerations_{smart-proxy-context}[{SmartProxyServer} scalability considerations]. endif::[] endif::[]