Red Hat Satellite 5.
Red Hat Satellite 5.
Legal Notice Co pyright © 20 14 Red Hat. This do cument is licensed by Red Hat under the Creative Co mmo ns Attributio n-ShareAlike 3.0 Unpo rted License. If yo u distribute this do cument, o r a mo dified versio n o f it, yo u must pro vide attributio n to Red Hat, Inc. and pro vide a link to the o riginal. If the do cument is mo dified, all Red Hat trademarks must be remo ved.
T able of Cont ent s T able of Contents .Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . . 1. G etting Help and G iving Feed b ac k 2 1.1. Do Yo u Need Help ? 2 1.2. We Need Feed b ac k 2 . .hapt C . . . .er . .1. .. Int . . .roduct . . . . . .ion . . .t.o. Red . . . . Hat . . . . Sat . . . ellit ...e . .Proxy . . . . . . . . . . . . . . . . . . . . . . . .
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Preface 1. Get t ing Help and Giving Feedback 1.1. Do You Need Help? If you experience difficulty with a procedure described in this documentation, visit the Red Hat Customer Portal at http://access.redhat.com. From the Customer Portal, you can: Search or browse through a knowledge base of technical support articles about Red Hat products. Submit a support case to Red Hat Global Support Services (GSS). Access other product documentation.
Chapt er 1 . Int roduct ion t o Red Hat Sat ellit e Proxy Chapter 1. Introduction to Red Hat Satellite Proxy 1.1. Red Hat Sat ellit e Proxy Server Red Hat Satellite Proxy Server is a package-caching mechanism that reduces the bandwidth requirements for Red Hat Satellite and enables custom package deployment. Satellite Proxy customers cache RPM packages, such as Errata Updates from Red Hat or custom packages generated by their organization, on an internal, centrally-located server.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Important Red Hat strongly recommends that clients connected to a Satellite Proxy server be running the latest update of Red Hat Enterprise Linux to ensure proper connectivity. Clients that access a Red Hat Satellite Proxy are still authenticated by Red Hat Satellite but in this case the Satellite Proxy provides both authentication and route information to Red Hat Satellite.
Chapt er 1 . Int roduct ion t o Red Hat Sat ellit e Proxy server). If the Red Hat Package Manager is used, the client systems must be subscribed to the private Red Hat channel.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Chapter 2. Requirements This chapter focuses on the prerequisites for installing Red Hat Satellite Proxy Server. 2.1. Soft ware Requirement s To perform an installation, the following software-related components must be available: Base operating system: Satellite 5.7 and Satellite Proxy 5.7 are only supported on Red Hat Enterprise Linux 6. You can install the operating system using any of the methods supported by Red Hat.
Chapt er 2 . Requirement s O b t ain in g t h e R eq u ired Packag e Set s Each version of Red Hat Enterprise Linux requires a certain package set to support Satellite Proxy. Adding more packages can cause errors during installation.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide 2.3. Addit ional Requirement s The following additional requirements must be met before the Satellite Proxy installation can be considered complete: F u ll Access Client systems need full network access to the Satellite Proxy services and ports. F irewall R u les Red Hat strongly recommends setting up a firewall between the Satellite Proxy and the Internet.
Chapt er 2 . Requirement s Network bandwith is important for communication among Satellites, Proxies, and Clients. To accomodate high volume traffic, Red Hat recommends a high bandwidth on a network capable of delivering packages to many systems and clients. As a guide, Red Hat provides a set of estimates for package transfer from one system to another over various speeds. T ab le 2.2.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Chapter 3. Installing Red Hat Satellite Proxy This chapter describes the installation and basic configuration of Red Hat Satellite Proxy Server. It assumes the prerequisites listed in Chapter 2, Requirements have been met. However, if you are upgrading to a later version of Red Hat Satellite Proxy Server, see Chapter 7, Upgrading a Red Hat Proxy Server Installation. 3.1.
Chapt er 3. Inst alling Red Hat Sat ellit e Proxy add these subscriptions to the entitlement certificate. 8. Click the D o wnl o ad Satel l i te C erti fi cate and save the entitlement certificate. The updated certificate now contains entitlements for Red Hat Satellite Proxy. The next section shows how to upload this refreshed certificate to your Satellite server. 3.3.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Note The installation program automatically calculates the available space on the partition where /var/spo o l /sq ui d is mounted and allocates up to 60 per cent of the free space for use by Satellite Proxy. Ensure the firewall rules are updated to meet the requirements stated in Section 2.3, “ Additional Requirements” . Modify your i ptabl es settings and restart the service. Install the packages required by Red Hat Satellite Proxy Server.
Chapt er 3. Inst alling Red Hat Sat ellit e Proxy 4. Install the Satellite Proxy installation package. This package contains the main script that leads you through the actual Satellite Proxy installation. [ro o t@ satpro xy ~ ]# yum i nstal l spacewal k-pro xy-i nstal l er 3.6. Running t he Red Hat Sat ellit e Proxy Inst allat ion Script The command-line installation program guides you through the actual Satellite Proxy installation process.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Press Enter to use the default path for the Certificate Authority (CA) Chain. If the Satellite Proxy is communicating with Red Hat Satellite, then this value is usually /usr/share/rhn/R HN-O R G -T R UST ED -SSL-C ER T . Otherwise, custom SSL certificates must be located in the /usr/share/rhn/ directory. S at ellit e Pro xy versio n t o act ivat e Request for confirmation of the version of Satellite Proxy to install.
Chapt er 3. Inst alling Red Hat Sat ellit e Proxy You do not have monitoring installed. Do you want to install it? Will run 'yum install spacewalk-proxy-monitoring'. [Y/n]: Confirm whether or not you want to install Monitoring support on the Satellite Proxy server. This installs the Monitoring packages to the Satellite Proxy. C o n f ig u re SSL The co nfi g ure-pro xy.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml R est art services The final step of the installation process is to restart all of the Satellite Proxy-related services. The installation program exits when this step is completed. Examp le 3.4 . R est art in g all Sat ellit e Pro xy Server- relat ed Services Enabling Satellite Proxy Shutting down rhn-proxy...
Chapt er 3. Inst alling Red Hat Sat ellit e Proxy SSL_CITY=Raleigh SSL_STATE=NC SSL_COUNTRY=US INSTALL_MONITORING=N ENABLE_SCOUT=N CA_CHAIN=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT POPULATE_CONFIG_CHANNEL=Y Use the --answer-fi l e option with the co nfi g ure-pro xy. sh script to use an answer file to help automate your Satellite Proxy installation, as shown in the following example. Replace the example answers_fi l e. txt file name with the path to your answer file. # co nfi g ure-pro xy.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Chapter 4. Custom Channel Package Manager This is a section on using Red Hat Satellite Proxy with the Custom Channel Package Manager. 4 .1. Using t he Cust om Channel Package Manager and Serving Local Packages t hrough t he Red Hat Net work Proxy The Custom Channel Package Manager is a command line tool that allows an organization to serve local packages associated with a private Red Hat Satellite channel through the Red Hat Satellite Proxy Server.
Chapt er 4 . Cust om Channel Package Manager 4 .1.2. Uploading Packages Note Only Organization Administrators can upload packages to private Red Hat Satellite channels. The script will prompt you for your Red Hat Satellite credentials. After creating the private channel, upload the package headers for the binary and source RPMs to the Red Hat Satellite Server and copy the packages to the Red Hat Satellite Proxy Broker Server.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide 4 .2. Configuring Proxy Precaching Your Proxy server can precache or mirror custom RPM files. This means that RPM files are delivered directly from the Proxy server to the clients; the clients do not have to wait for the files to download from the Satellite server to the Proxy server, and then be delivered to the client. The Proxy server recognizes RPM requests from yum as well as anaco nd a (for kickstart installations and provisioning).
Chapt er 4 . Cust om Channel Package Manager cron job or similar with an rsync command to download any updated RPM files to the Proxy cache. This assumes that you want to download all of the RPM files on the Satellite server to the Proxy. You need to run the cron job and rsync command as root on the Proxy server, but can then log in to the Satellite server as any user that has read access to the RPM store; this should be all users.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Chapter 5. Configuring Satellite Proxy to Use CNAME Records One of the features of Red Hat Satellite Proxy is the ability to take advantage of CNAME records, or aliases, instead of the canonical host name. This feature is useful if there are network issues that prevent communication with Red Hat Satellite Proxy using its normal host name or configuration. 5.1.
Chapt er 5. Configuring Sat ellit e Proxy t o Use CNAME Records After the Tomcat service has restarted, refresh the Satellite Proxy server web interface and you should see the CNAMEs listed on the Hard ware tab of the System D etai l s page. Before you can use these CNAMEs, however, you need to create a new set of certificates, and configure the Satellite Proxy to use these certificates.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Note You can run the co nfi g ure-pro xy. sh script multiple times to test or update configurations, as required.
Chapt er 6 . Load Balancing Sat ellit e Proxy Servers Chapter 6. Load Balancing Satellite Proxy Servers Some environments include a load balancer between Satellite clients and Satellite proxies to distribute the load of Satellite requests, or to help redirect requests to a location closer to the originating client.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide # # SSL configuration # # Ensure you enter each configuration directive on a single line acl is_ssl port 443 https_port 443 cert=/etc/pki/tls/certs/lb.crt key=/etc/pki/tls/certs/lb.key accel vhost name=proxy_ssl cache_peer proxya.example.com parent 443 0 no-query originserver round-robin ssl name=proxya.example.com sslcafile=/etc/pki/tls/certs/squid-ca.crt cache_peer proxyb.example.com parent 443 0 no-query originserver round-robin ssl name=proxyb.
Chapt er 6 . Load Balancing Sat ellit e Proxy Servers -rw-r--r--. 1 root squid -rw-r--r--. 1 root squid -rw-r--r--. 1 root squid 5450 Aug 23 21:23 lb.crt 1675 Aug 23 21:23 lb.key 5363 Aug 22 14:19 squid-ca.crt The cache_peer directives set up the two proxies that will be used in round-robin format. Note that you need to specify the CA certificate so that the load balancer can communicate with the proxies.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide The /var/l o g /sq ui d /access. l o g file on the load balancer should contain information similar to the following: 1377540630.159 97 192.168.100.19 TCP_MISS/200 1515 POST https://lb.example.com/XMLRPC ROUNDROBIN_PARENT/proxya.example.com text/base64 1377540630.733 529 192.168.100.19 TCP_MISS/200 1409 POST https://lb.example.com/XMLRPC ROUNDROBIN_PARENT/proxyb.example.com text/xml 1377540639.968 87 192.168.100.19 TCP_MISS/200 3742 POST https://lb.
Chapt er 7 . Upgrading a Red Hat Proxy Server Inst allat ion Chapter 7. Upgrading a Red Hat Proxy Server Installation This chapter describes how to upgrade your Proxy Server installation. These instructions assume that you have a fully functional Proxy Server and its required entitlements. 7.1. Prerequisit es The latest version of Red Hat Satellite Proxy Server requires: Red Hat Enterprise Linux 6 (64-bit only). Removal of the previous Proxy server's system profile from the parent Satellite server. 7.2.
Red Hat Sat ellit e 5.
Sample Sat ellit e Proxy Server Configurat ion File Sample Satellite Proxy Server Configuration File The /etc/rhn/rhn. co nf configuration file for the Satellite Proxy provides a means for administrators to establish key settings. Take care when making any changes, however, because any configuration errors in this file may cause Satellite Proxy failures. Pay close attention to the traceback_mai l and pro xy. rhn_parent parameters.
Red Hat Sat ellit e 5.7 Proxy Inst allat ion G uide Glossary of Terms To better understand Red Hat Satellite Proxy, it is important to become familiar with the following Red Hat Satellite terms: C h an n el A channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
Revision Hist ory Revision History R evisio n 4 - 9 Mo n Ap r 20 2015 Fixing typo in load balancing section D an Macp h erso n R evisio n 4 - 8 T h u Feb 19 2015 Removing unnecessary channel D an Macp h erso n R evisio n 4 - 7 Minor Maintenance updates D an Macp h erso n T u e Feb 17 2015 R evisio n 4 - 6 T u e Feb 3 2015 Pushing maintenance update for Satellite 5.
Red Hat Sat ellit e 5.
Revision Hist ory R evisio n 3- 0 Wed Ju l 4 2012 Prepared for 5.
