Content access control for orcharhino hosts

orcharhino provides a robust set of strategies for controlling what content is accessible to your hosts. You can restrict content access by using core mechanisms, such as content views, lifecycle environments, and content overrides. You can use activation keys to apply these content access controls during host registration.

Content access strategies

To give hosts access to a specific subset of the content managed by orcharhino, you can use the following strategies.

ATIX AG recommends considering implementing the strategies in the order as listed here:

Content views and lifecycle environments

Use content views and lifecycle environments, incorporating content view filters as needed.

For more information about content views, see Managing Content Views.

For more information about lifecycle environments, see Managing Application Lifecycles.

Content overrides

By default, content hosted by orcharhino can be either enabled or disabled. In custom products, repositories are always disabled by default. Enabling a repository gives the host access to the repository packages or other content, allowing hosts to download and install the available content.

If a repository is disabled, the host is not able to access the repository content. A content override provides you with the option to override the default enablement value of either Enabled or Disabled for any repository. You can add content overrides to hosts or activation keys.

For more information about adding content overrides to hosts, see Enabling and Disabling Repositories on Hosts in Managing Hosts.

For more information about adding content overrides to activation keys, see Enabling and disabling repositories on activation key.

Content view environments

Assign hosts to multiple content view environments to provide access to content from more than one content view. For more information about multiple content view environments, see Managing content view environments.

Composite content views

You can use composite content views to combine and give hosts access to the content from multiple content views. For more information about composite content views, see Creating a composite content view by using web ui.

Architecture and operating system version restrictions

In custom products, you can set restrictions on the architecture and operating system versions for Deb repositories on which the product will be available. For example, if you restrict a custom repository to Debian 13, it is only available on hosts running Debian 13. Architecture and operating system version restrictions hold the highest priority among all other strategies. They cannot be overridden or invalidated by content overrides, changes to content views, or changes to lifecycle environments. For this reason, ATIX AG recommends considering the other strategies mentioned before that use architecture or operating system version restrictions.

Conditions for content availability

A host can access a package or repository only when all of the following conditions are true.

  • The repository is included in the content view environments of the host.

  • The content view of the host has been published after the repository was added to it.

  • The repository has not been filtered out by a content view filter.

  • The repository is enabled by default or overridden to Enabled by using a content override.

  • The repository has no architecture or operating system version restrictions or it has architecture or operating system version restrictions that match the host.

Activation keys and content access

Activation keys simplify the workflow for some of the content access strategies.

You can use activation keys to perform the following actions:

  • Assign hosts to content view environments.

  • Add content overrides to hosts.

  • Set system purpose attributes on hosts, including a release version.

Activation keys only affect hosts during registration. If a host is already registered, you can change the content access individually for each host or through content host bulk actions.

Additional resources

The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution Share Alike 4.0 International ("CC BY-SA 4.0") license. This page also contains text from the official Foreman documentation which uses the same license ("CC BY-SA 4.0").