Red Hat Satellite 5.
Red Hat Satellite 5.
Legal Notice Co pyright © 20 14 Red Hat. This do cument is licensed by Red Hat under the Creative Co mmo ns Attributio n-ShareAlike 3.0 Unpo rted License. If yo u distribute this do cument, o r a mo dified versio n o f it, yo u must pro vide attributio n to Red Hat, Inc. and pro vide a link to the o riginal. If the do cument is mo dified, all Red Hat trademarks must be remo ved.
T able of Cont ent s T able of Contents . .hapt C . . . .er . .1. .. Int . . .roduct . . . . . .ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . . . .hapt C . . . .er . .2. .. Configuring . . . . . . . . . . . Client . . . . . .Applicat . . . . . . . ions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . 2 .1.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Chapter 1. Introduction This guide is designed to help users of Red Hat Satellite and Red Hat Satellite Proxy to configure their client systems. By default, all Red Hat Network client applications are configured to communicate with central Red Hat Network servers. When clients connect to a Red Hat Satellite or Red Hat Satellite Proxy instead, the default settings change.
Chapt er 2 . Configuring Client Applicat ions Chapter 2. Configuring Client Applications In order to use most enterprise-class features of Red Hat Network, such as registering with Red Hat Satellite, configuration of the latest client applications is required. Obtaining these applications before the client has registered with Red Hat Network can be difficult. This paradox is especially problematic for customers migrating large numbers of older systems to Red Hat Network.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide 2.1. Regist ering Client s wit h Red Hat Sat ellit e Server The following procedure describes how to use the rhn_reg i ster command to register a system with Red Hat Satellite. Ensure you replace the example host names and domain names with those that apply to your configuration. Pro ced u re 2.1. T o U se rh n _reg ist er t o R eg ist er a Syst em wit h R ed H at Sat ellit e: 1.
Chapt er 2 . Configuring Client Applicat ions Alternatively, use the bootstrap script (bo o tstrap. sh) that Satellite generates. The bootstrap script, available for both Red Hat Satellite Server and Red Hat Proxy Server, is such a script. Script generation is discussed more in detail in 4.1.1. Using Red Hat Network Bootstrap to Register a System of the Getting Started Guide. To obtain the bootstrap script, run the following command: wget http://satellite.example.com/pub/bootstrap/bootstrap.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide 3. Add the fully qualified domain names (FQD N) of Red Hat Proxy or Red Hat Satellite immediately after the primary server, separated by a semicolon (;). Your client will attempt to connect to these servers in the order provided here. Include as many servers as necessary. For example: serverURL[comment]=Remote server URL serverURL=https://satellite.example.com/XMLRPC; https://your_secondary.your_domain.
Chapt er 3. SSL Infrast ruct ure Chapter 3. SSL Infrastructure For Red Hat Satellite customers, security concerns are of the utmost importance. One of the strengths of Red Hat Satellite is its ability to process every single request using the Secure Sockets Layer (SSL) protocol. To maintain this level of security, customers installing Red Hat Satellite within their infrastructures must generate custom SSL keys and certificates.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Satellite Server and five Red Hat Proxy Servers will need to generate one CA SSL key pair and six Web server SSL key sets. A CA SSL public certificate is distributed to all systems and used by all clients to establish a connection to their respective upstream servers. Each server has its own SSL key set that is specifically tied to that server's host name and generated using its own SSL private key and the CA SSL private key in combination.
Chapt er 3. SSL Infrast ruct ure The R ed H at Sat ellit e SSL T o o l is not required in the following situations: D uring installation of a Red Hat Satellite Server. All SSL settings are configured during the installation process. The SSL keys and certificate are built and deployed automatically. D uring installation of a Red Hat Proxy Server 3.6 or later if connected to a Red Hat Satellite Server 3.6 or later as its top-level service.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide 8. D elete the build tree from the build system for security purposes, but only after the entire Satellite infrastructure is in place and configured. Note When additional Web server SSL key sets are needed, restore the build tree on a system running the R ed H at Sat ellit e SSL Main t en an ce T o o l and repeat steps 3 through 7. 3.2.2.
Chapt er 3. SSL Infrast ruct ure rhn-o rg -trusted -ssl -cert-VER-REL. no arch. rpm: the RPM prepared for distribution to client systems. This file contains the CA SSL public certificate (above) and installs it as /usr/share/rhn/R HNO R G -T R UST ED -SSL-C ER T rhn-ca-o penssl . cnf: the SSL CA configuration file. l atest. txt: lists the latest versions of the relevant files. When this process is complete, distribute the RPM file to the client systems. See Section 3.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide This RPM file contains the server. key, server. csr, and server. crt files. These files are installed in the following directories: /etc/httpd /co nf/ssl . key/server. key /etc/httpd /co nf/ssl . csr/server. csr /etc/httpd /co nf/ssl . crt/server. crt rhn-server-o penssl . cnf: the Web server's SSL configuration file. l atest. txt: lists the latest versions of the relevant files.
Chapt er 3. SSL Infrast ruct ure The Red Hat Proxy Server and Red Hat Satellite Server both have R ed H at Sat ellit e B o o t st rap installed by default, which can greatly reduce these repetitive steps and simplify the process of registering and configuring client systems. See the Red Hat Satellite Getting Started Guide for details.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Chapter 4. Red Hat Satellite and Solaris-specific Information This is a section on using Red Hat Satellite with Solaris systems. 4 .1. UNIX Support Guide This chapter documents the installation procedure for, and identifies differences in, Red Hat Network functionality when used to manage UNIX-based client systems. Red Hat Network offers UNIX support to help customers migrate from UNIX to Linux.
Chapt er 4 .
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Additionally, relocating R HAT *. pkg files during installation is not supported. 4 .1.6. Sat ellit e Server Preparat ion and Configurat ion Configure the Satellite to support UNIX clients before the required files are available for deployment to the client systems. This can be accomplished in one of two ways, depending on whether you have installed your Satellite server: 1.
Chapt er 4 . Red Hat Sat ellit e and Solaris- specific Informat ion Note It may be useful to enter the command bash when first logging into the Solaris client. If the BASH shell is available, it will make the system's behavior as Linux-like as possible. 4 .1.7.1.1.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide # crle -c /var/ld/ld.config Make a note of the current D efault Library Path. Next, modify the path to also include the components shown below. Note that the -l option resets the value, rather than appending it, so if there already were values set on your system, prepend them to the -l parameter. On sparc: # crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib On x86: # crle -c /var/ld/ld.
Chapt er 4 . Red Hat Sat ellit e and Solaris- specific Informat ion # pkgadd -d RHATpossl-0.6-1.p24.6.pkg all # pkgadd -d RHATpythn-2.4.1-2.rhn.4.sol9.pkg all # pkgadd -d RHATrhnl-1.8-7.p23.pkg all ... Note Use the -n option for pkg ad d to run the command in non-interactive mode. However, this may cause the installation of some packages to fail silently on Solaris 10. Continue until each package is installed in the Red Hat Network-specific path: /o pt/red hat/rhn/so l ari s/. 4 .1.7.1.5.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide 2. Move the client SSL certificate to the Red Hat Network-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to: mv /path/to /R HN-O R G -T R UST ED -SSL-C ER T /o pt/red hat/rhn/so l ari s/usr/share/rhn/ When finished, the new client certificate will be installed in the appropriate directory for your UNIX system.
Chapt er 4 . Red Hat Sat ellit e and Solaris- specific Informat ion 4 .1 .8 .1 . Re gist e ring UNIX Syst e m s This section describes the Red Hat Network registration process for UNIX systems. You must use the rhnreg _ks command to accomplish this; the use of activation keys for registering your systems is optional. These keys allow you to predetermine settings within Red Hat Network, such as base channels and system groups, and to apply those automatically to systems during their registration.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Red Hat Network treats patches similarly to packages; they are listed and installed in the same way and with the same interface as normal packages. Patches are 'numbered' by Solaris, and will have names like " patch-solaris-108434" . The version of a Solaris patch is extracted from the original Solaris metadata, and the release is always 1. Patch Clusters are bundles of patches that are installed as a unit.
Chapt er 4 . Red Hat Sat ellit e and Solaris- specific Informat ion O p t io n D escrip t io n --versi o n -h, --hel p -?, --usag e --tempd i r= --sel ect-arch= D isplays the program's version number and exits D isplays this information and exits Prints program usage information and exits Temporary directory to work from Selects the architecture (i386 or SPARC) for multi-arch packages. 4 .1.8.2.1.2. rh n p u sh wit h .
Red Hat Sat ellit e 5.7 Client Configurat ion G uide T ab le 4 .3. rhnsd O p t io n s O p t io n D escrip t io n -f, -i , -v, -h, -u, -V, Run in foreground Connect to Red Hat Network every MINS minutes Log all actions to syslog Give this help list Give this help list Print program version --fo reg ro und --i nterval = MINS --verbo se --hel p --usag e --versi o n 4 .1.8.2.4 .
Chapt er 4 . Red Hat Sat ellit e and Solaris- specific Informat ion With the flexibility this tool offers comes great risk and the responsibility to mitigate that risk. For all practical purposes, this feature grants a root BASH prompt to anyone with administrative access to the system on the website. This can be controlled, however, through the same config-enable mechanism used to determine which systems can have their configuration files managed by Red Hat Network.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Chapter 5. Reporting Software Failures You can take advantage of Red Hat Satellite's software failure reporting capabilities and the Automatic Bug Reporting Tool (ABRT) to extend the overall reporting functionality of your systems. This extended functionality allows your clients to automatically report software failures captured by ABRT to the Satellite server, and also to process the captured failures in a centralized fashion.
Chapt er 5. Report ing Soft ware Failures # abrt-cli list @0 Directory: /var/tmp/abrt/ccpp-2013-02-28-15:48:50-8820 count: 2 executable: /usr/bin/python2.7 package: python-2.7.3-13.fc16 time: Thu 28 Feb 2013 03:48:50 PM CET uid: 0 @1 Directory: /var/tmp/abrt/oops-2013-02-27-14:16:03-8107-1 count: 3 package: kernel time: Wed 27 Feb 2013 02:16:03 PM CET 2. After you have identified the failure that you want to report, use the --repo rt option to send the report to the Satellite server.
Red Hat Sat ellit e 5.7 Client Configurat ion G uide Revision History R evisio n 3- 28 Minor maintenance updates T u e Feb 17 2015 D an Macp h erso n R evisio n 3- 27 T u e Feb 3 2015 Pushing maintenance update for Satellite 5.7 D an Macp h erso n R evisio n 3- 26 Wed Jan 7 2015 Packaging snapshot versions D an Macp h erso n R evisio n 3- 25 T h u Jan 1 2015 Release Candidate for Satellite 5.
Revision Hist ory First implementation of tech review feedback R evisio n 3- 12 Typo correction Fri Ju l 19 2013 D an Macp h erso n R evisio n 3- 11 Typo correction Fri Ju l 12 2013 D an Macp h erso n R evisio n 3- 10 Final beta updates Fri Ju l 12 2013 D an Macp h erso n R evisio n 3- 8 Update to Beta docs Fri Ju l 12 2013 D an Macp h erso n R evisio n 3- 6 Fri Ju l 12 2013 Update section on CAs. Add section on new reports. Add section on using ABRT. Update section about using rhn_register.
