RHN Satellite Server 3.7: Installation Guide
Copyright © 2001 - 2005 by Red Hat, Inc.
Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA
RHNsatellite(EN)-3.7-RHI (2005-03-16T12:14)
Copyright © 2005 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.
Table of Contents
1. Introduction
1.1. Red Hat Network
1.2. RHN Satellite Server
1.3. Terms to Understand
8. Maintenance
8.1. Managing the Satellite Service
8.2. Updating the Satellite
8.3. Backing Up the Satellite
Chapter 1. Introduction
RHN Satellite Server provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows Red Hat Network customers the greatest flexibility and power in keeping servers secure and updated. Two types of RHN Satellite Server are available: one with a stand-alone database on a separate machine and one with an embedded database installed on the same machine as the Satellite.
• Security — an end-to-end secure connection is maintained from the client systems to the RHN Satellite Server without connecting to the public Internet.
• Efficiency — packages are delivered significantly faster over a local area network.
• Control — clients’ System Profiles are stored on the local RHN Satellite Server, not on the central Red Hat Network Servers.
• Database — for the Stand-Alone Database, this may be the organization’s existing database or, preferably, a separate machine. RHN Satellite Server 3.7 supports Oracle 9i R2. For the Embedded Database, the database comes bundled with RHN Satellite Server and is installed on the same machine as the Satellite during the installation process.
• RHN Satellite Server — core "business logic" and entry point for Red Hat Update Agent running on client systems.
must be networked, but this can be a private network; an Internet connection is not required for any of the systems. Refer to the RHN Proxy Server Installation Guide for more information.
Figure 1-1. Using RHN Satellite Server and RHN Proxy Server Together
1.5. Summary of Steps
Implementing a fully functional RHN Satellite Server requires more than installing software and a database. Client systems must be configured to use the Satellite.
page. These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Satellite.
6. If installing a Stand-Alone Database, you prepare your database instance using the formula provided in Chapter 2 Requirements.
7. You install Red Hat Enterprise Linux AS and then RHN Satellite Server 3.7 on the Satellite machine.
8.
Chapter 2. Requirements
These requirements must be met before installation.
2.1. Software Requirements
To perform an installation, the following software components must be available:
• Base operating system — RHN Satellite Server is supported with Red Hat Enterprise Linux AS 2.1 Update 5 or later, Red Hat Enterprise Linux AS 3 Update 3 or later, or Red Hat Enterprise Linux AS 4 only.
• Development Tools
• Legacy Software Development
Then, after operating system installation, register the system with RHN and use the Red Hat Update Agent to install the outstanding packages with the following command:
up2date newt-perl perl-DateManip perl-libxml-enno perl-Parse-Yapp \
  perl-Time-HiRes PyXML gd xorg-x11-deprecated-libs
Once updated, delete the Red Hat Enterprise Linux AS 4 system profile from RHN, as it will be reregistered during Satellite installation.
• @ Server
• @ Development Tools
• @ Legacy Software Development
• perl-CGI
• perl-Time-HiRes
2.1.3. Red Hat Enterprise Linux AS 2.1 Update 5 Packages
To install RHN Satellite Server on Red Hat Enterprise Linux AS 2.1 Update 5, first obtain the required packages in one of the following ways. When installing Red Hat Enterprise Linux AS 2.
istrator (DBA) will be necessary to assess sizing issues. The following formula should be used to determine the required size of your database:
• 192 KB per client system
• 64 MB per channel
For instance, an RHN Satellite Server containing 10 channels serving 10,000 systems would require 1.92 GB for its clients and 640 MB for its channels. If custom channels are to be established for testing and staging of packages, they must be included in this formula.
2.4. Additional Requirements
The following additional requirements must be met before the RHN Satellite Server installation:
• Full Access
Client systems need full network access to the RHN Satellite Server solution’s services and ports.
• Firewall Rules
The RHN Satellite Server solution can be firewalled from the Internet, but it must be able to issue outbound connections to rhn.redhat.com and xmlrpc.rhn.redhat.com on ports 80 and 443.
to client systems, as described in Section 8.10 Enabling Push to Clients, you must allow inbound connections on port 5222. Finally, if the Satellite will also push to an RHN Proxy Server, you must also allow inbound connections on port 5269.
• No system components should be directly, publicly available. No user other than the system administrators should have shell access to these machines.
• All unnecessary services should be disabled using ntsysv or chkconfig.
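The firewall requirements above can be expressed as a default-deny inbound ruleset. The following is an added example, not part of the original guide: the function name, the sample networks, the SSH rule for an administrative network, and the inbound 80/443 rules for clients and Proxies are assumptions. Outbound traffic is left open, so connections to rhn.redhat.com and xmlrpc.rhn.redhat.com on ports 80 and 443 are unaffected.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the Satellite's
# inbound ports. All networks passed in are site-specific assumptions.
#
# satellite_fw_rules CLIENT_NET ADMIN_NET PUSH_CLIENTS [PROXY_NET]
#   CLIENT_NET    CIDR of client systems (80/443; 5222 when pushing)
#   ADMIN_NET     CIDR allowed to reach SSH (assumption, not from the guide)
#   PUSH_CLIENTS  "yes" to open 5222 for push to clients
#   PROXY_NET     CIDR of RHN Proxy Servers; opens 5269 when non-empty
satellite_fw_rules() {
    client_net=$1
    admin_net=$2
    push_clients=$3
    proxy_net=${4:-}

    # Only digits, dots and a slash may reach the ruleset text.
    for net in "$client_net" "$admin_net" ${proxy_net:+"$proxy_net"}; do
        case $net in
            ''|*[!0-9./]*)
                echo "invalid network: '$net'" >&2
                return 1 ;;
        esac
    done

    new='-m state --state NEW -j ACCEPT'
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $admin_net --dport 22 $new
-A INPUT -p tcp -s $client_net -m multiport --dports 80,443 $new
EOF
    # Port 5222 is needed only when the Satellite pushes to clients.
    if [ "$push_clients" = yes ]; then
        echo "-A INPUT -p tcp -s $client_net --dport 5222 $new"
    fi
    # Proxies act as clients of the Satellite; 5269 is for push to a Proxy.
    if [ -n "$proxy_net" ]; then
        echo "-A INPUT -p tcp -s $proxy_net -m multiport --dports 80,443 $new"
        echo "-A INPUT -p tcp -s $proxy_net --dport 5269 $new"
    fi
    echo COMMIT
}

# Constructed sample networks; review the output before loading it with
# iptables-restore.
satellite_fw_rules 10.20.0.0/16 10.20.99.0/24 yes 10.30.0.0/24
```

Ports 5222 and 5269 appear only when the corresponding push feature is requested, so a Satellite that does not push exposes only 80, 443 and SSH.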
Chapter 3. Example Topologies
The RHN Satellite Server can be configured in multiple ways. Select one method depending on the following factors:
• The total number of client systems to be served by the RHN Satellite Server.
• The maximum number of clients expected to connect concurrently to the RHN Satellite Server.
• The number of custom packages and channels to be served by the RHN Satellite Server.
• The number of RHN Satellite Servers being used in the customer environment.
Figure 3-2. Multiple Satellite Horizontally Tiered Topology
3.3. Satellite-Proxy Vertically Tiered Topology
An alternative method to balance load is to install RHN Proxy Servers below an RHN Satellite Server that connect to the Satellite for RPMs from Red Hat Network and custom packages created locally. In essence, the Proxies act as clients of the Satellite. This vertically tiered configuration requires that channels and RPMs be created only on the RHN Satellite Server.
Chapter 4. Installation
This chapter describes the initial installation of the RHN Satellite Server. It presumes the prerequisites listed in Chapter 2 Requirements have been met. If you are instead upgrading to a newer version of RHN Satellite Server, contact your Red Hat representative for assistance.
4.1. Base Install
The RHN Satellite Server is designed to run on the Red Hat Enterprise Linux AS operating system.
5. Ensure the RHN Entitlement Certificate has been loaded onto the Satellite. It can be named anything and located in any directory. The installation program will ask you for its contents or location. Also, make sure your account has been granted the necessary entitlements to conduct the installation. For instance, a new Satellite will require both a Management or Provisioning entitlement for Red Hat Enterprise Linux AS and an RHN Satellite Server entitlement.
Figure 4-2. Administrator Email Address
8. The Administrator Email Address page requires an email address to receive administrative correspondence. Ideally, this address serves multiple people in your organization to ensure delivery. Keep in mind, this address will receive all mail generated by the Satellite, including sometimes large quantities of error-related tracebacks.
9. The Database Configuration page collects information required for the Satellite with Stand-Alone Database to connect to its database. If this is Satellite with Embedded Database, skip to the Database Schema page description. For Satellite with Stand-Alone Database, consult your database administrator for the appropriate values. Then click Test DB Connection. The Database Schema page appears.
Figure 4-4. Database Schema
10.
Figure 4-6. RHN Configuration
12. The RHN Configuration page enables you to change the way the Satellite communicates with Red Hat Network. You may alter the Satellite’s hostname and the location, or mountpoint, of the package repository. Typically, the defaults will do. If you intend to monitor systems with this Satellite, select both the Enable monitoring backend and Enable monitoring scout checkboxes.
Figure 4-7. Monitoring Configuration
13. The Monitoring Configuration page captures email routing information used in monitoring. This is required only if you intend to receive alert notifications from probes. If you do, provide the mail server (exchanger) and domain to be used. Note that sendmail must be configured to handle email redirects of notifications. Refer to Section 4.3 Sendmail Configuration for instructions. When finished, click Continue.
To skip this step, such as for Satellites that will operate in disconnected mode, click either the continue link or button. If you do not register the Satellite, the RHN Satellite Synchronization Tool cannot be used to populate software channels. Contact your Red Hat representative to obtain the packages and updates manually. When finished, click Continue. The RHN Satellite Entitlement Certificate page appears.
Figure 4-9. RHN Satellite Entitlement Certificate
15.
Figure 4-10. Satellite Synchronization
16. The Satellite Synchronization page allows you to initially populate your Satellite with software channel metadata. This is possible during installation only if you chose to register your Satellite with RHN. To synchronize, select the Perform Satellite Sync checkbox and click Continue. After the installation, you will still need to populate the channels with packages. Refer to Chapter 6 Importing and Synchronizing for instructions.
Figure 4-11. SSL Certificate
17. The SSL Certificate page collects information necessary to create the Secure Sockets Layer (SSL) certificate used by the Satellite and its client machines. In addition, you may manage your SSL infrastructure using the RHN SSL Maintenance Tool. Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for instructions.
Figure 4-12. Bootstrap Script
18. The Bootstrap Script page allows you to create a script for redirecting client systems from the central RHN Servers to the Satellite. This script, to be placed in the /var/www/html/pub/bootstrap/ directory of the Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central RHN Servers. The required fields are prepopulated with values derived from previous installation steps.
Figure 4-13. Installation Complete
19. The Installation Complete page marks the end of the initial Satellite installation and configuration. Click Complete to reboot the system and create the Satellite Administrator account. The Satellite Restart page appears.
Figure 4-14. Satellite Restart
20. The Satellite Restart page requires no user input and merely provides a placeholder while the system is rebooted.
Figure 4-15. Satellite Administrator
21. The Satellite Administrator page enables you to create the Organization Administrator account on the Satellite. This master account can conduct any task available to all other user levels, as well as create other user accounts. As always, ensure this information exists on the backups of login information described in Chapter 2 Requirements. When finished, click Create Login. The Account Created page appears.
Figure 4-16.
4.3. Sendmail Configuration
If your RHN Satellite Server will serve Monitoring-entitled systems and you wish to acknowledge via email the alert notifications you receive, you must configure sendmail to properly handle incoming mail. This is required by the email redirect feature, which allows you to stop notifying users about a Monitoring-related event with a single reply.
Two extra packages will also get downloaded in the transaction. These are needed for the mysql-server package to be installed and run successfully. Once finished, your Satellite may be used to schedule MySQL probes.
Chapter 5. Entitlements
The RHN Satellite Server, like RHN itself, provides all services to customers through the setting of entitlements. For RHN, entitlements are purchased by customers as needed; however, for RHN Satellite Server, entitlements are contractually agreed-upon beforehand, and they are set at installation time. All public channels are automatically available; the private channels that should also be made available through the Satellite are determined by the RHN Entitlement Certificate.
Note
Do not try to use this RHN Entitlement Certificate; it is just an example. The initial RHN Entitlement Certificate is generated by a member of the RHN team and emailed to a consultant or customer prior to an install. This process helps guarantee that we do not inadvertently install any RHN Satellite Servers that the RHN team does not know about. Save the XML file to the Satellite machine in preparation for activation.
5.2.
Option                          Description
--systemid=/PATH/TO/SYSTEMID    For testing only - Provides an alternative system ID by path and file. The system default is used if not specified.
--no-ssl                        For testing only - Disable SSL.
Table 5-1. RHN Entitlement Certificate Options
To use these options, insert the option and the appropriate value, if needed, after the rhn-satellite-activate command. Refer to Section 5.3.2 Activating the Satellite.
5.3.2.
Chapter 6. Importing and Synchronizing
After installing the RHN Satellite Server, you must provide it the packages and channels to be served. This chapter explains how to import that data and keep it up-to-date.
6.1. RHN Satellite Synchronization Tool
With the Satellite installation, Red Hat Network provides an application designed specifically to import and synchronize data - the RHN Satellite Synchronization Tool.
Option                            Description
-h, --help                        Display this list of options and exit.
-d=, --db=DB                      Include alternate database connect string: username/password@SID.
-m=, --mount-point=MOUNT_POINT    Import/sync from local media mounted to the Satellite. To be used in closed environments (such as those created during disconnected installs).
--list-channels                   List all available channels and exit.
Option                     Description
--ca-cert=CA_CERT          Use an alternative SSL CA certificate by including the full path and filename.
--systemid=SYSTEM_ID       For debugging only - Include path to alternative digital system ID.
--batch-size=BATCH_SIZE    For debugging only - Set maximum batch size in percent for XML/database-import processing.
Open man satellite-sync for more information.
Important
To populate custom channels correctly, you must first populate at least one Red Hat base channel. The RHN Satellite Synchronization Tool creates the necessary directory structures and permissions; without these, the custom channel tools will not work properly. For this reason, you should use these instructions to set up your base channel(s) and then refer to the RHN Channel Management Guide for steps to establish custom channels.
6.2.1.
6.2.3. Running the Import
The rhns-satellite-tools package provides the satellite-sync program for managing all package, channel, and errata imports and synchronizations. The following process assumes that, in the previous step, the user has copied all data to /var/rhn-sat-import.
Note
The trailing backslash (\) in all subsequent command examples is a continuation character; it may safely be omitted. Long versions of all options are used in the examples for clarity.
After running the preceding sample command, the population of the channel should be complete. All of the packages should have been moved out of the repository; this can be verified with the command cd /var/rhn-sat-import/; ls -alR | grep rpm. If all RPMs have been installed and moved to their permanent locations, then this count will be zero, and the administrator may safely remove the temporary repository (in this case, /var/rhn-sat-import/).
6.3.
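The zero-count check before removing the temporary repository can be made a hard precondition of the removal. The following is an added example, not part of the original guide; the function names and the temporary demo tree are assumptions.

```shell
#!/bin/sh
# Added example: guard the removal of the temporary import repository.

# count_leftover_rpms DIR: print how many *.rpm files remain under DIR.
# Matches on the file name suffix, unlike "ls -alR | grep rpm", which also
# counts directories or other entries with "rpm" anywhere in the line.
count_leftover_rpms() {
    find "$1" -type f -name '*.rpm' | wc -l | tr -d ' '
}

# remove_import_dir DIR: delete DIR only when no RPM is left in it.
# Returns 0 after removal, 1 if RPMs remain, 2 on a rejected argument.
remove_import_dir() {
    dir=${1%/}
    case $dir in
        /*/*) ;;   # absolute path, at least two levels deep
        *)
            echo "refusing to remove '$1'" >&2
            return 2 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 2
    fi
    left=$(count_leftover_rpms "$dir")
    if [ "$left" -ne 0 ]; then
        echo "$left RPM(s) still in $dir; import is incomplete" >&2
        return 1
    fi
    rm -rf -- "$dir"
}

# Demo on a constructed temporary tree standing in for /var/rhn-sat-import.
demo=$(mktemp -d)
mkdir -p "$demo/rhn-sat-import/rpms"
: > "$demo/rhn-sat-import/rpms/constructed-1.0-1.noarch.rpm"
remove_import_dir "$demo/rhn-sat-import" || echo "kept, exit status $?"
rm -rf "$demo"
```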
6.3.2. Synchronizing Errata and Packages via Local Media
For customers who cannot connect their Satellite directly to RHN, Red Hat recommends downloading Channel Content ISOs to a separate, Internet-connected system and then transferring them to the Satellite. Refer to Section 6.2.2 Preparing for Import for instructions on downloading the ISOs.
Chapter 7. Troubleshooting
This chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Satellite Server. If you need additional help, contact Red Hat Network support at https://rhn.redhat.com/help/contact.pxt. Log in using your Satellite-entitled account to see your full list of options. In addition, you may package configuration information and logs from the Satellite and send them to Red Hat for further diagnosis. Refer to Section 7.
df -h
In addition to log files, you can obtain valuable information by retrieving the status of your RHN Satellite Server and its various components. This can be done with the command:
service rhn-satellite status
In addition, you can obtain the status of components such as the Apache HTTP Server and the RHN Task Engine individually.
the Web server stating "Could not determine the server’s fully qualified domain name" upon failing to start. This problem typically originates from the /etc/hosts file. You may confirm this by examining /etc/nsswitch.conf, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts file is checked first, followed by Network Information Service (NIS) if used, followed by DNS.
• Ensure the RHN Satellite Server is using Network Time Protocol (NTP) and set to the appropriate time zone. This also applies to all client systems and the separate database machine in RHN Satellite Server with Stand-Alone Database.
• Confirm the correct rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm is installed on the RHN Satellite Server and the corresponding rhn-org-trusted-ssl-cert-*.noarch.
Once finished, email the new file from the /tmp/ directory to your Red Hat representative for immediate diagnosis.
Chapter 8. Maintenance
Because of the RHN Satellite Server’s unique closed environment, its users are provided with abilities not available to any other Red Hat Network customers. In addition, the Satellite itself will also require maintenance. This chapter discusses the procedures that should be followed to carry out administrative functions outside of standard use, as well as apply patches to the RHN Satellite Server.
8.1.
If instead of installing new Satellite packages, you are attempting to update the server’s RHN Entitlement Certificate, such as to increase its number of client systems, refer to Chapter 5 Entitlements for instructions.
8.3. Backing Up the Satellite
Backing up an RHN Satellite Server can be done in several ways. Regardless of the method chosen, the associated database also needs to be backed up. For the Stand-Alone Database, consult your organization’s database administrator.
8.4.1. DB Control Options
RHN DB Control offers many command line options. To use them, as oracle, insert the option and the appropriate value, if needed, after the db-control command.
Option             Description
help               Lists these db-control options with additional details.
backup DIRNAME     Backs up the database to the directory specified.
examine DIRNAME    Examines the contents of a backup directory. Returns the timestamp of backup creation and reports on its contents.
Once the backup is complete, return to root user mode and restart the database and related services with these commands in this order:
service rhn-database start
service taskomatic start
service httpd start
You should then copy that backup to another system using rsync or another file-transfer utility. Red Hat strongly recommends scheduling the backup process automatically using cron jobs. For instance, back up the system at 3 a.m.
8.5. Cloning the Satellite with Embedded DB
You may limit outages caused by hardware or other failures by cloning the Satellite with Embedded Database in its entirety. The secondary Satellite machine can be prepared for use if the primary fails. To clone the Satellite, conduct these tasks:
1. Install RHN Satellite Server with Embedded Database (and a base install of Red Hat Enterprise Linux AS) on a separate machine, skipping the SSL Certificate generation step.
2.
If you generated a new SSL certificate during secondary Satellite installation to include a new Common Name value, instead copy the RPMs from the secondary to the primary Satellite and redistribute the client-side certificate. If you also created another bootstrap script, you may use this to install the certificate on client systems.
5.
Figure 8-1. Internal Tools
To refresh the view of channels that have been updated but do not yet reflect those modifications on the Satellite website, click the Update Errata cache now link on this page.
8.7.1.1. Maintaining the RHN Task Engine
The default display shows the status of the RHN Task Engine. This tool is a daemon that runs on the Satellite server itself and performs routine operations, such as database cleanup, Errata mailings, etc.
8.7.2. Deleting Users
Because of the isolated environment in which RHN Satellite Servers operate, Satellite customers have been granted the ability to delete users. To access this functionality, click Users in the top navigation bar of the RHN website. In the resulting User List, click the name of the user to be removed. This takes you to the User Details page. Click the delete user link at the top-right corner of the page.
Figure 8-2.
8.8. Automating Synchronization
Manually synchronizing the RHN Satellite Server repository with Red Hat Network can be an arduous task. In addition, staff levels tend to be highest at peak usage times. For this reason, Red Hat encourages you to automate synchronization in late evening or early morning to better balance load and ensure quick synchronization. Further, Red Hat strongly recommends synchronization occur randomly for best performance.
Please note that changing the password on the RHN website will change only the local password on the RHN Satellite Server, which may not be used at all if PAM is enabled for that user. In the above example, for instance, the Kerberos password will not be changed.
8.10.
Appendix A. Sample RHN Satellite Server Configuration File
The /etc/rhn/rhn.conf configuration file for the RHN Satellite Server provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution. You should be particularly concerned with the following parameters: traceback_mail, default_db, and server.satellite.http_proxy.