RHN Proxy Server 4.1.
RHN Proxy Server 4.1.0: Installation Guide Copyright © 2001 - 2005 Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA RHNproxy(EN)-4.1.0-RHI (2005-04-20T13:40) Copyright © 2005 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.
Table of Contents 1. Introduction .................................................................................................................... 1 1.1. Red Hat Network ..............................................................................................1 1.2. RHN Proxy Server ............................................................................................1 1.3. Terms to Understand .........................................................................................2 1.4.
Chapter 1. Introduction 1.1. Red Hat Network Red Hat Network (RHN) is the environment for system-level support and management of Red Hat systems and networks of systems. Red Hat Network brings together the tools, services, and information repositories needed to maximize the reliability, security, and performance of their systems. To use RHN, system administrators register the software and hardware profiles, known as System Profiles, of their client systems with Red Hat Network.
2 Chapter 1. Introduction Although the packages are served by the Proxy, clients’ System Profiles and user information are stored on the secure, central RHN Servers1, which also serve the RHN website (rhn.redhat.com). The Proxy acts as a go-between for client systems and Red Hat Network (or an RHN Satellite Server). Only the package files are stored on the RHN Proxy Server.
Chapter 1. Introduction 3 1.3. Terms to Understand Before understanding RHN Proxy Server, it is important to become familiar with the following Red Hat Network terms: Channel A channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
4 Chapter 1. Introduction systems do not need direct access to the Internet. They need access only to the RHN Proxy Server. Important Red Hat strongly recommends that clients connected to an RHN Proxy Server be running the latest update of Red Hat Enterprise Linux to ensure proper connectivity. Clients that access RHN directly are authenticated by the RHN servers.
Chapter 1. Introduction 5 Optionally, the RHN Package Manager can be installed and configured to serve custom packages. Any package that is not an official Red Hat package, including custom packages written specifically for an organization, can only be served from a private software channel (also referred to as a custom software channel). After creating a private RHN channel, the custom RPM packages are associated with that channel by uploading the package headers to the RHN Servers.
6 Chapter 1.
Chapter 2. Requirements These requirements must be met before installation. To install RHN Proxy Server version 3.6 or later from RHN Satellite Server, the Satellite itself must be version 3.6 or later. 2.1. Software Requirements To perform an installation, the following software-related components must be available: • Base operating system — RHN Proxy Server is supported with Red Hat Enterprise Linux AS 3 Update 5 or later, or Red Hat Enterprise Linux AS 4 only.
8 Chapter 2. Requirements • To do this for kickstart installation, include the command selinux --disabled • After the installation is complete, edit the /etc/selinux/config file to read SELINUX=disabled and reboot the system. • Finally, you can use the system-config-securitylevel-tui command and reboot the system. • An available RHN Proxy Server entitlement within your Red Hat Network account.
Chapter 2. Requirements 9 If the RHN Proxy Server is configured to distribute custom, or local packages, make sure that the /var mount point on the system storing local packages has sufficient disk space to hold all of the custom packages, which are stored in /var/spool/rhn-proxy. The required disk space for local packages depends on the number of custom packages served. 2.4.
10 Chapter 2. Requirements Distribution Locations Since the Proxy forwards virtually all local HTTP requests to the central RHN Servers, you must take care to put files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstarts.
Chapter 3. Example Topologies The RHN Proxy Server can be configured in multiple ways. Select one method depending on the following factors: 1. The total number of client systems to be served by the RHN Proxy Server 2. The maximum number of clients expected to connect concurrently to the RHN Proxy Server. 3. The number of custom packages and channels to be served by the RHN Proxy Server. 4. The number of RHN Proxy Servers being used in the customer environment.
12 Chapter 3. Example Topologies 3.2. Multiple Proxy Horizontally Tiered Topology For larger networks, a more distributed method may be needed, such as having multiple RHN Proxy Servers all connecting to Red Hat Network individually. This horizontally tiered configuration balances the load of client requests while enabling each Proxy to simultaneously synchronize with RHN.
Chapter 3. Example Topologies 13 need to establish synchronization between the RHN Proxy Servers as they use the up2date functionality inherent with the product. Like the horizontally tiered configuration, this vertical method allows any client of any RHN Proxy Servers to have all custom packages delivered to them. The Proxy merely looks in its repository to see if it can find the package on its file system. If not, it then makes the attempt from the next level up.
14 Chapter 3. Example Topologies described in the RHN Client Configuration Guide. To find out how channels and packages are shared between them, refer to the RHN Channel Management Guide.
Chapter 4. Installation This chapter describes the initial installation of the RHN Proxy Server. It presumes the prerequisites listed in Chapter 2 Requirements have been met. However, if you are upgrading to a newer version of RHN Proxy Server, contact your Red Hat representative for assistance. 4.1. Base Install The RHN Proxy Server is designed to run on the Red Hat Enterprise Linux AS operating system.
16 Chapter 4. Installation 4.2. RHN Proxy Server Installation Process The following instructions describe the RHN Proxy Server installation process: 1. Register the newly-installed Red Hat Enterprise Linux AS system with Red Hat Network (either the central RHN Servers or your RHN Satellite Server) using the organizational account containing the RHN Proxy Server entitlement with the command: up2date --register. 2. Grant the system a Provisioning entitlement.
Chapter 4. Installation 17 Warning Please note that the RHN Proxy Server installation may replace the squid.conf and httpd.conf configuration files on the system to ease upgrades later. If you have edited these files and want to preserve them, they are rotated in place and can be retrieved after installation. Figure 4-1. System Details ⇒ Proxy 9. In the System Details ⇒ Details ⇒ Proxy subtab, the pulldown menu should indicate your ability to activate the system as an RHN Proxy Server.
18 Chapter 4. Installation Figure 4-2. Welcome 10. In the Welcome page, you will find notification of any requirements not met by the system. When the system is ready, a continue link appears. Click it to go to the Terms & Conditions page.
Chapter 4. Installation 19 Figure 4-3. Terms & Conditions 11. In the Terms & Conditions page, click the terms and conditions link to view the licensing agreement of the RHN Proxy Server. When satisfied, click the I agree link. You must agree in order to continue with the installation. The Enable Monitoring page appears next.
20 Chapter 4. Installation Figure 4-4. Enable Monitoring 12. In the Enable Monitoring page, you must decide whether the Proxy will be used to monitor systems served by it. For this to take place, the RHN Proxy Server must meet the requirements identified in Chapter 2 Requirements and must be connected to an RHN Satellite Server (or another Proxy connected to a Satellite). To enable monitoring on the Proxy, select the checkbox and click continue. The Configure RHN Proxy Server page appears.
Chapter 4. Installation 21 Figure 4-5. Configure RHN Proxy Server 13. In the Configure RHN Proxy Server page, provide or confirm the entries for all required fields. The Administrator Email Address will receive all mail generated by the Proxy, including sometimes large quantities of error-related tracebacks. To stem this flow, consider establishing mail filters that capture messages with a subject of "RHN TRACEBACK from hostname".
22 Chapter 4. Installation Insert only the hostname and port in the form hostname:port, such as your-gateway.example.com:3128. Tip The installation process affects only the Proxy configuration file: /etc/rhn/rhn.conf. The Red Hat Update Agent (up2date) configuration file, /etc/sysconfig/rhn/up2date, must be updated manually to receive its updates from another server, such as an RHN Satellite Server. Finally, you must decide whether to enable SSL using the checkbox at the bottom.
Chapter 4. Installation 23 Figure 4-6. Configure SSL 14. In the Configure SSL page applicable only to a Proxy connecting to an RHN Satellite Server or another RHN Proxy Server with SSL enabled, provide the information needed to generate the server certificate. The most important item is the CA certificate password, which must match the password used while enabling SSL on the parent server.
24 Chapter 4. Installation Figure 4-7. Configure Monitoring 15. In the Configure Monitoring page, provide or confirm the hostname and IP address of the parent server connected to by the RHN Proxy Server. This must be either an RHN Satellite Server or another Proxy which is in turn connected to a Satellite. You cannot achieve Monitoring through the central RHN Servers. When finished, click continue. The Install Progress page appears.
Chapter 4. Installation 25 Figure 4-8. Install Progress 16. In the Install Progress page, you may monitor the steps of the installation as they take place. Click the link to any step to go to its Action Details page. When an action begins, its status goes from Queued to Picked Up and then finally to Completed. Like the earlier package installs, you can immediately trigger these steps by running the rhn_check command in a terminal on the system as root.
26 Chapter 4. Installation Figure 4-9.
Chapter 5. RHN Package Manager The RHN Package Manager is a command line tool that allows an organization to serve local packages associated with a private RHN channel through the RHN Proxy Server. If you want the RHN Proxy Server to update only official Red Hat packages, do not install the RHN Package Manager. To use the RHN Package Manager, install the rhns-proxy-package-manager package and its dependencies. Only the header information for packages is uploaded to the RHN Servers.
28 Chapter 5. RHN Package Manager 5.2. Uploading Packages Note You must be an Organization Administrator to upload packages to private RHN channels. The script will prompt you for your RHN username and password. After creating the private channel, upload the package headers for your binary and source RPMs to the RHN Server and copy the packages to the RHN Proxy Broker Server.
Chapter 5. RHN Package Manager 29 This -s option will list all the missing packages (packages uploaded to the RHN Server not present in the local directory). You must be an Organization Administrator to use this command. The script will prompt you for your RHN username and password. Refer to Table 5-1 for additional command line options. If you are using the RHN Package Manager to update local packages, you must go to the RHN website to subscribe the system to the private channel. 5.3.
30 Chapter 5. RHN Package Manager Option Description --password=PASSWORD Specify your RHN password. If you do not provide one with this option, you will be prompted for it. --source Upload source package headers. --dontcopy In the post-upload step, do not copy the packages to their final location in the package tree. --test Only print the packages to be pushed. --no-ssl Not recommended — Turn off SSL. -?, --usage Briefly describe the options.
Chapter 6. Troubleshooting This chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Proxy Server. If you need additional help, contact Red Hat Network support at https://rhn.redhat.com/help/contact.pxt. Log in using your Satelliteentitled account to see your full list of options. 6.1.
32 Chapter 6. Troubleshooting Table 6-1. Log Files 6.3. Questions and Answers This section contains the answers to the most frequently asked questions regarding installing and configuring an RHN Proxy Server solution. 1. After configuring the RHN Package Manager how can I determine if the local packages were successfully added to the private RHN channel? Use the command rhn_package_manager -l -c "name_of_private_channel" to list the private channel packages known to the RHN Servers.
Chapter 6. Troubleshooting 33 6.4. General Problems To begin troubleshooting general problems, examine the log file or files related to the component exhibiting failures. A useful exercise is to tail all log files and then run up2date --list. You should then examine all new log entries for potential clues. A common issue is full disk space. An almost sure sign of this is the appearance of halted writing in the log files. If logging stops during a write, such as mid-word, you likely have filled disks.
34 Chapter 6. Troubleshooting First, in a text editor, remove the offending machine information, like so: 127.0.0.1 localhost.localdomain.com localhost Then, save the file and attempt to re-run the RHN client applications or the Apache HTTP Server. If they still fail, explicitly identify the IP address of the Proxy in the file, such as: 127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.com this_machine Replace the value here with the actual IP address of the Proxy.
Chapter 6. Troubleshooting 35 6.7. Caching Issues If package delivery fails or an object appears to be corrupt, and it is not related to connection errors, you should consider clearing the caches. The RHN Proxy Server has two caches you should be concerned with: one for Squid and the other for authentication. The Squid cache is located in /var/spool/squid/. To clear it, stop the Apache HTTP Server and Squid, delete the contents of that directory, and restart both services.
36 Chapter 6. Troubleshooting 6.8. Proxy Debugging by Red Hat If you’ve exhausted these troubleshooting steps or want to defer them to Red Hat Network professionals, Red Hat recommends that you take advantage of the strong support that comes with RHN Proxy Server. The most efficient way to do this is to aggregate your Proxy’s configuration parameters, log files, and database information and send this package directly to Red Hat.
Appendix A. Sample RHN Proxy Server Configuration File The /etc/rhn/rhn.conf configuration file for the RHN Proxy Server provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Proxy failures. Make configuration changes with caution. If you are also using an RHN Satellite Server, you should be particularly concerned with the following parameters: traceback_mail and proxy.rhn_parent.
38 Appendix A.
Index I A inbound ports, satellite 5222, 9 installation base, 15 of RHN Proxy Server, 16 additional requirements, 9 advantages, 2 authentication, 4 authentication caching clearing, 35 L log files, 31 C O caching issues, 35 channel, 3 creating a private channel, 27 Channel Administrator, 3 client configuration subscribe to private channel, 29 connection errors, 34 Organization Administrator, 3 outbound ports 80, 443, 9 D P port 443, 9 5222, 9 80, 9 private channel, 27 disk space requirements, 8
40 RHN Package Manager, 4, 27 channels, specifying, 28 command line options, 29 configuration file, 27 configuring, 27 create private channel, 27 installing, 27 upload package headers, 28 verify local package list, 28 rhn-proxy service, 31 rhn.
