So you are using Satellite 6, but need to provision machines using KVM / Libvirt.

If you just install satellite 6, and attempt to configure a compute resource to point at a KVM hypervisor, you’ll quickly discover all kinds of certificate errors such as

Call to virConnectOpen failed: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

In order to use satellite, you need to provide a secure way for satellite to connect to the KVM host.

In this example, i’ve chosen to allow satellite root access to my hypervisor, I would never recommend this in a production environment, but for my test lab, it works just fine.

I will write a follow up post that details how to configure this in a more secure way.

Assuming I have 2 hosts.

My satellite server - sat6 - 192.168.200.4
My kvm hypervisor - kvm - 192.168.200.1

First generate a key on my satellite

log in as the root user

ssh root@sat6

When logged into the satellite 6 server

# su - foreman -s /bin/bash
$ ssh-keygen
$ ssh-copy-id root@kvm

Then test the ssh connection to the KVM host, and make sure it works.

$ ssh root@kvm

Please note: This is a really bad idea on any system you care about, this is just a demonstration of how to make it work in a lab environment! I will follow up a post with a more secure example!

Another important point is to specify we are using ssh authentication in the URL, as well as the username. This is done by specifying qemu+ssh in the URL.

Once connected you can access the hypervisor.

You now have a really simple, and easy way to provision to a lab environment without expensive hypervisor managers!