RHN Proxy Server 3.
RHN Proxy Server 3.7: Installation Guide Copyright © 2001 - 2005 by Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA RHNproxy(EN)-3.7-RHI (2005-03-16T12:14) Copyright © 2005 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.
Table of Contents 1. Introduction..................................................................................................................................... 1 1.1. Red Hat Network ............................................................................................................... 1 1.2. RHN Proxy Server ............................................................................................................. 1 1.3. Terms to Understand .................................................
Chapter 1. Introduction 1.1. Red Hat Network Red Hat Network (RHN) is the environment for system-level support and management of Red Hat systems and networks of systems. Red Hat Network brings together the tools, services, and information repositories needed to maximize the reliability, security, and performance of their systems. To use RHN, system administrators register the software and hardware profiles, known as System Profiles, of their client systems with Red Hat Network.
2 Chapter 1. Introduction with its own GPG signature, and have the local RHN Proxy Server update all the individual systems in the network with the latest versions of the custom software. Advantages of using RHN Proxy Server include: • Scalability — there can be multiple local RHN Proxy Servers within one organization. • Security — an end-to-end secure connection is maintained: from the client systems, to the local RHN Proxy Server, to the Red Hat Network Servers.
Chapter 1. Introduction 3 1.4. How it Works The Red Hat Update Agent on the client systems does not directly contact a Red Hat Network Server. Instead, the client (or clients) connects to an RHN Proxy Server that connects to the Red Hat Network Servers. Thus, the client systems do not need direct access to the Internet. They need access only to the RHN Proxy Server.
4 Chapter 1. Introduction Network Server). If the RHN Package Manager is used, the client systems must be subscribed to the private RHN channel.
Chapter 2. Requirements These requirements must be met before installation. To install RHN Proxy Server version 3.6 or later from RHN Satellite Server, the Satellite itself must be version 3.6 or later. 2.1. Software Requirements To perform an installation, the following software components must be available: • Base operating system — RHN Proxy Server is supported with Red Hat Enterprise Linux AS 2.1 Update 5 or later, Red Hat Enterprise Linux AS 3 Update 3 or later, or Red Hat Enterprise Linux AS 4 only.
6 Chapter 2. Requirements • Configuration of the system to accept remote commands and configuration management through Red Hat Network. Refer to Section 4.2 RHN Proxy Server Installation Process for instructions. 2.2. Hardware Requirements The following hardware configuration is required for the RHN Proxy Server: • Pentium III processor, 1.
Chapter 2. Requirements • 7 A Red Hat Network Account Customers who will be connecting to the central Red Hat Network Servers to receive incremental updates will need an account with Red Hat Network. This account should be set up at the time of purchase with the sales representative. • Backups of Login Information It is imperative customers keep track of all primary login information.
8 Chapter 2.
Chapter 3. Example Topologies The RHN Proxy Server can be configured in multiple ways. Select one method depending on the following factors: 1. The total number of client systems to be served by the RHN Proxy Server. 2. The maximum number of clients expected to connect concurrently to the RHN Proxy Server. 3. The number of custom packages and channels to be served by the RHN Proxy Server. 4. The number of RHN Proxy Servers being used in the customer environment.
10 Chapter 3. Example Topologies can be used to synchronize packages between the Proxies. Second, a Network File System (NFS) share can be established between the Proxies and the custom channel repository. Either of these solutions will allow any client of any RHN Proxy Servers to have all custom packages delivered to them. Figure 3-2. Multiple Proxy Horizontally Tiered Topology 3.3.
Chapter 3. Example Topologies 11 Figure 3-3. Multiple Proxy Vertically Tiered Topology 3.4. Proxies with RHN Satellite Server In addition to the methods described in detail within this chapter, customers also have the option of using RHN Proxy Server in conjunction with RHN Satellite Server. This works similarly to the vertically tiered Proxy configuration but increases capacity significantly, as Satellites can serve a much greater number of client systems.
12 Chapter 3.
Chapter 4. Installation This chapter describes the initial installation of the RHN Proxy Server. It presumes the prerequisites listed in Chapter 2 Requirements have been met. If you are instead upgrading to a newer version of RHN Proxy Server, contact your Red Hat representative for assistance. 4.1. Base Install The RHN Proxy Server is designed to run on the Red Hat Enterprise Linux AS operating system.
14 Chapter 4. Installation 4. Navigate to the System Details Packages Install subtab and search for rhncfg. In the resulting list, select all packages and install them. 5. If you will be enabling secure sockets layer (SSL) encryption on the Proxy and connecting to the central RHN Servers, install the rhns-certs-tools package from the same Red Hat Network Tools channel and use the RHN SSL Maintenance Tool to generate the tar file required later.
Chapter 4. Installation 15 Figure 4-2. Welcome 10. In the Welcome page, you will find notification of any requirements not met by the system. When the system is ready, a continue link appears. Click it to go to the Terms & Conditions page. Figure 4-3. Terms & Conditions 11. In the Terms & Conditions page, click the terms and conditions link to view the licensing agreement of the RHN Proxy Server. When satisfied, click the I agree link.
16 Chapter 4. Installation toring page appears next. Figure 4-4. Enable Monitoring 12. In the Enable Monitoring page, you must decide whether the Proxy will be used to monitor systems served by it. For this to take place, the RHN Proxy Server must meet the requirements identified in Chapter 2 Requirements and be connected to an RHN Satellite Server (or another Proxy connected to a Satellite). To enable monitoring on the Proxy, select the checkbox and click continue.
Chapter 4. Installation 17 Figure 4-5. Configure RHN Proxy Server 13. In the Configure RHN Proxy Server page, provide or confirm the entries for all required fields. The Administrator Email Address will receive all mail generated by the Proxy, including sometimes large quantities of error-related tracebacks. To stem this flow, consider establishing mail filters that capture messages with a subject of "RHN TRACEBACK from hostname".
18 Chapter 4. Installation have SSL enabled by default) or to an RHN Satellite Server or RHN Proxy Server that has SSL enabled. Connection to the central RHN Servers requires upload of the certificate tar file mentioned earlier. Connection to a Satellite or another Proxy through SSL requires the CA certificate password used in enabling SSL on the parent system.
Chapter 4. Installation 19 Figure 4-7. Upload SSL In the Upload SSL page applicable only to a Proxy connecting to the central RHN Servers, locate the tar file created using the RHN SSL Maintenance Tool using the Browse button. It will be named rhn-org-httpd-ssl-archive-MACHINENAME-VERSION .tar with the machine name reflecting the Proxy’s hostname. Once located, click continue. Figure 4-8. Configure Monitoring 15.
20 Chapter 4. Installation Server or another Proxy which is in turn connected to a Satellite. You cannot achieve Monitoring through the central RHN Servers. When finished, click continue. The Install Progress page appears. Figure 4-9. Install Progress 16. In the Install Progress page, you may monitor the steps of the installation as they take place. Click the link to any step to go to its Action Details page.
Chapter 5. RHN Package Manager The RHN Package Manager is a command line tool that allows an organization to serve local packages associated with a private RHN channel through the RHN Proxy Server. If you want the RHN Proxy Server to update only official Red Hat packages, you do not need to install the RHN Package Manager. To use the RHN Package Manager, install the rhns-proxy-package-manager package and its dependencies. Only the header information for packages is uploaded to the RHN Servers.
22 Chapter 5. RHN Package Manager pkg-list is the list of packages to be uploaded. Alternatively, use the -d option to specify the local directory that contains the packages to add to the channel. Ensure the directory contains only the packages to be included and no other files. RHN Package Manager can also read the list of packages from standard input (using --stdin).
Chapter 5. RHN Package Manager 23 Option Description --newest Push only the packages that are newer than packages already pushed to the server for the specified channel. --stdin Read the package names from stdin. --username USERNAME Specify your RHN username. If you do not provide one with this option, you will be prompted for it. --password PASSWORD Specify your RHN password. If you do not provide one with this option, you will be prompted for it. --source Upload source package headers.
24 Chapter 5.
Chapter 6. Troubleshooting This chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Proxy Server. If you need additional help, contact Red Hat Network support at https://rhn.redhat.com/help/contact.pxt. Log in using your Satellite-entitled account to see your full list of options. 6.1.
26 Chapter 6. Troubleshooting After subscribing a registered system to the private channel, you can also execute the command up2date -l --showall on the registered system and look for the packages from the private RHN channel. 2. How can I determine whether the clients are connecting to the Squid server? The /var/log/squid/access.log file logs all connections to the Squid server. 3. The Red Hat Update Agent on the client systems will not connect through the RHN Proxy Server.
Chapter 6. Troubleshooting 27 6.5. Host Not Found/Could Not Determine FQDN Because RHN configuration files rely exclusively on fully qualified domain names (FQDN), it is imperative key applications are able to resolve the name of the RHN Proxy Server into an IP address.
28 Chapter 6. Troubleshooting 6.7. Caching Issues If package delivery fails or an object appears to be corrupt, and it isn’t related to connection errors, you should consider clearing the caches. The RHN Proxy Server has two caches you should be concerned with: one for Squid and the other for authentication. The Squid cache is located in /var/spool/squid/. To clear it, stop the Apache HTTP Server and Squid, delete the contents of that directory, and restart both services.
Chapter 6. Troubleshooting * * * * * * * 29 copying configuration information copying logs querying RPM database (versioning of RHN Proxy, etc.) get diskspace available timestamping creating tarball (may take some time): /tmp/rhn-proxy-debug.tar.bz2 removing temporary debug tree Debug dump created, stored in /tmp/rhn-proxy-debug.tar.bz2 Deliver the generated tarball to your RHN contact or support channel.
30 Chapter 6.
Appendix A. Sample RHN Proxy Server Configuration File The /etc/rhn/rhn.conf configuration file for the RHN Proxy Server provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Proxy failures. So make configuration changes with caution. You should be particularly concerned with the following parameters: traceback_mail and proxy.rhn_parent, if you are also using an RHN Satellite Server.
32 Appendix A.
Index P private channel, 21 A additional requirements, 6 advantages, 2 authentication, 3 authentication caching clearing, 28 C caching issues, 28 channel, 2 creating a private channel, 21 channel administrator, 2 client configuration subscribe to private channel, 22 connection errors, 27 D disk space requirements, 6 G general problems, 26 H hardware requirements, 6 host now found error could not determine FQDN, 27 how it works, 3 HTTP proxy caching server disk space requirements, 6 I installation bas