Red Hat Network Satellite 5.
Red Hat Network Satellite 5.4 Installation Guide Red Hat Network Satellite Edition 2 Landmann rlandmann@redhat.
Legal Notice Copyright © 2010 Red Hat, Inc. T his document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Table of Contents Table of Contents .Chapter . . . . . . . . 1. . . .Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5. . . . . . . . . . 1.1. Red Hat Network 5 1.2. RHN Satellite 5 1.3. T erms to Understand 5 1.4. How it Works 5 1.5. Summary of Steps 6 1.6. Upgrades 7 1.6.1. Satellite Certificate 7 1.6.2. Satellite Upgrade Documentation Package (rhn-upgrade) 7 1.6.3.
Red Hat Network Satellite 5.4 Installation Guide 6.3. Synchronizing 6.3.1. Synchronizing Errata and Packages Directly via RHN 6.3.2. Synchronizing Errata and Packages via Local Media 6.4. Inter-Satellite Sync 6.4.1. Recommended Models for Inter-Satellite Sync 6.4.2. Configuring the Master RHN Satellite Server 6.4.3. Configuring the Slave RHN Satellite Servers 6.5. Using Inter-Satellite Sync 6.5.1. Syncing between a Development Staging Server and a Production Satellite 6.5.2. Bi-directional sync 6.6.
Table of Contents S T U 45 45 45 3
Red Hat Network Satellite 5.
Chapter 1. Introduction Chapter 1. Introduction RHN Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows Red Hat Network customers the greatest flexibility and power in keeping servers secure and updated. T wo types of RHN Satellite are available: One with a stand-alone database on a separate machine and one with an embedded database installed on the same machine as the Satellite.
Red Hat Network Satellite 5.4 Installation Guide is installed on the same machine as the Satellite during the installation process. RHN Satellite — core "business logic" and entry point for Red Hat Update Agent running on client systems. T he RHN Satellite also includes an Apache HT T P Server (serving XML-RPC requests). RHN Satellite Web interface — advanced system, system group, user, and channel management interface.
Chapter 1. Introduction 9. Use the RHN Satellite Synchronization T ool to import the channels and associated packages into the Satellite. 10. Register a representative machine for each distribution type, or channel (such as Red Hat Enterprise Linux 5 or 6), to the Satellite. 11. Copy (using SCP) the rhn_register and up2date configuration files from the /etc/sysconfig/rhn/ directory of each machine individually to the /pub/ directory on the Satellite. T he rhn-org-trusted-ssl-cert-* .noarch.
Red Hat Network Satellite 5.4 Installation Guide Chapter 2. Requirements T hese requirements must be met before installation. 2.1. Software Requirements T o perform an installation, the following software components must be available: Base operating system — RHN Satellite is supported with Red Hat Enterprise Linux 5 and 6. T he operating system can be installed from disc, local ISO image, kickstart, or any of the methods supported by Red Hat.
Chapter 2. Requirements T able 2.2. Stand-Alone Database and Embedded Database Satellite Hardware Requirements Stand-Alone Database Embedded Database Required - Intel Core processor, 2.4GHz, 512K cache or equivalent Required - Intel Core processor, 2.4GHz, 512K cache or equivalent Recommended - Intel multi-core processor, 2.4GHz dual processor, 512K cache or equivalent Recommended - Intel multi-core processor, 2.
Red Hat Network Satellite 5.4 Installation Guide Red Hat channels contain approximately 3 GB of packages each, and that size grows with each synchronization; customers must also account for the space requirements of packages in their own private channels. Whatever storage solution the customer chooses, its mount point may be defined during the installation process. If you are installing RHN Satellite with Embedded Database, skip to Section 2.4, “Additional Requirements”. 2.3.
Chapter 2. Requirements T able 2.4 . Ports to open on the Satellite Port Protocol Direction Reason 67 T CP/UDP Inbound Open this port to configure the Satellite system as a DHCP server for systems requesting IP addresses. 69 T CP/UDP Inbound Open this port to configure Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems. 80 T CP Outbound Satellite uses this port to reach Red Hat Network.
Red Hat Network Satellite 5.4 Installation Guide includes usernames and passwords for the Organization Administrator account on rhn.redhat.com, the primary administrator account on the Satellite itself, SSL certificate generation, and database connection (which also requires a SID, or net service name). Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
Chapter 3. Example Topologies Chapter 3. Example Topologies T he RHN Satellite can be configured in multiple ways. Select one method depending on the following factors: T he total number of client systems to be served by the RHN Satellite. T he maximum number of clients expected to connect concurrently to the RHN Satellite. T he number of custom packages and channels to be served by the RHN Satellite. T he number of RHN Satellites being used in the customer environment.
Red Hat Network Satellite 5.4 Installation Guide Chapter 4. Installation T his chapter describes the initial installation of the RHN Satellite. It presumes the prerequisites listed in Chapter 2, Requirements have been met. If you are instead upgrading to a newer version of RHN Satellite, contact your Red Hat representative for assistance. 4.1. Base Install RHN Satellite is designed to run on the Red Hat Enterprise Linux operating system.
Chapter 4. Installation download and install the RHN GPG key, which will cause the installation to fail. T o import the key manually, use this command: rpm --import /media/RHEL_5/RPM-GPG-KEY-redhat-release 10. T he next step creates and populates the initial database, if you have opted for the RHN Satellite with Embedded Database. If you are installing RHN Satellite with Stand-Alone Database, the installer connects with the database. T his step can take quite a while.
Red Hat Network Satellite 5.4 Installation Guide 17. T he Satellite Configuration - General Configuration page allows you to alter the most basic Satellite settings, such as the admin email address and whether Monitoring is enabled. Figure 4 .3. General Configuration 18. T he RHN Satellite Configuration - Monitoring page allows you to configure the monitoring aspects of this Satellite. T he local mail exchanger and local main domain are used to mail monitoring notification messages to administration.
Chapter 4. Installation Figure 4 .6. Bootstrap 21. T he RHN Satellite Configuration - Restart page contains the final step in configuring the Satellite. Click the Restart button to restart the Satellite in order to incorporate all of the configuration options added on the previous screens. Note that it will take between four and five minutes for the restart to finish. Figure 4 .7. Restart 22. Once the Satellite has restarted, the countdown notice disappears.
Red Hat Network Satellite 5.4 Installation Guide deployment must be automated. An example answer file can be found in the install/ directory of the CD or ISO, and is titled answers.txt. Follow the steps below to perform an automated install with an answer file: 1. Follow steps 1 through 5 from Section 4.2, “RHN Satellite Installation Program”. 2. Copy the example answers.txt file to /tm p/answers.txt cp answers.txt /tmp/answers.txt 3. Edit the file and add your organization's desired options. 4.
Chapter 4. Installation "DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl" to: "DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl" T hen, have the alias processed like so: newaliases Finally, update the sendm ail-cf package: yum update sendmail-cf Note, disconnected installs must obtain this package from the ISO. Restart sendmail: service sendmail restart 4.6.
Red Hat Network Satellite 5.4 Installation Guide Chapter 5. Entitlements T he RHN Satellite, like RHN itself, provides all services to customers through the setting of entitlements. For RHN, entitlements are purchased by customers as needed; however, for RHN Satellite, entitlements are contractually agreed-upon beforehand, and they are set at installation time.
Chapter 5. Entitlements T able 5.1. RHN Entitlement Certificate Options Option Description -h, --help Display the help screen with a list of options. --sanity-only Confirm certificate sanity. Does not activate the Satellite locally or remotely. --disconnected Activates locally but not on remote RHN Servers. --rhn-cert=/PATH/TO/CERT Uploads new certificate and activates the Satellite based upon the other options passed (if any).
Red Hat Network Satellite 5.4 Installation Guide Chapter 6. Importing and Synchronizing After installing the RHN Satellite, you must provide it with the packages and channels to be served to client systems. T his chapter explains how to import that data and keep it up to date whether the content is from RHN's central servers, local media, or from one Satellite within your organization to another.
Chapter 6. Importing and Synchronizing 6.1.2.1. Running the Export First, be sure to configure the Satellite in the manner that you would either like to duplicate in another Satellite or back up to a storage solution. Second, select the contents you would like to export. You can choose not to export RPMs, errata, or kickstarts by using the options mentioned in Section 6.1.1, “rhnsatellite-exporter”. Finally, execute the command as root.
Red Hat Network Satellite 5.4 Installation Guide T able 6.2. Satellite Import/Sync Options Option Description -h, --help Display this list of options and exit. -d=, --db=DB Include alternate database connect string: username/password@SID. -m =, --m ount-point=MOUNT_POINT Import/sync from local media mounted to the Satellite. T o be used in closed environments (such as those created during disconnected installs). --list-channels List all available channels and exit.
Chapter 6. Importing and Synchronizing 5. Create a target directory for the files, such as: mkdir /var/rhn-sat-import/ 6. T his sample command assumes the administrator wants to copy the contents of the ISO (mounted in /m nt/im port/) into /var/rhn-sat-im port/: cp -ruv /mnt/import/* /var/rhn-sat-import/ 7. T hen unmount /m nt/im port in preparation for the next CD or ISO: umount /mnt/import 8. Repeat these steps for each Channel Content ISO of every channel to be imported. 6.2.2.2.
Red Hat Network Satellite 5.4 Installation Guide Channel metadata Metadata of all packages in that channel Metadata for all Errata that affect that channel Note All analysis is performed on the RHN Satellite; the central RHN Servers deliver only an export of its channel information and remain ignorant of any details regarding the RHN Satellite. 3. After the analysis of the export data, any differences are imported into the RHN Satellite database.
Chapter 6. Importing and Synchronizing Slave Satellite. Figure 6.3. Slave Satellites are maintained exactly as the master Satellite In this example, the master Satellite (for example, a software or Hardware vendor) provides data to its customer. T hese changes are regularly synchronized to slave Satellites. 6.4.2. Configuring the Master RHN Satellite Server T o use the inter-satellite sync feature, you must first ensure that you have it enabled. Make sure that the /etc/rhn/rhn.
Red Hat Network Satellite 5.4 Installation Guide satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel 6.5.2. Bi-directional sync Administrators can configure an environment where two RHN Satellite servers act as masters of each other. For example, Satellite A and B can sync content from one another. Figure 6.5. Bi-directional syncing Both Satellites would need to share SSL certificates, then set the iss_parent option in the /etc/rhn/rhn.
Chapter 7. Troubleshooting Chapter 7. Troubleshooting T his chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Satellite. If you need additional help, contact Red Hat Network support at https://rhn.redhat.com/help/contact.pxt. Log in using your Satellite-entitled account to see the full list of options. T o begin troubleshooting general problems, examine the log file or files related to the component exhibiting failures.
Red Hat Network Satellite 5.4 Installation Guide Satellite with Stand-Alone Database. Confirm the correct package: 7 rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm is installed on the RHN Satellite and the corresponding rhn-org-trusted-ssl-cert* .noarch.rpm or raw CA SSL public (client) certificate is installed on all client systems. Verify the client systems are configured to use the appropriate certificate.
Chapter 7. Troubleshooting Note T o use spacewalk-report you must have the spacewalk-reports package installed. spacewalk-report allows administrators to organize and display reports about content, errata, systems, system event history, and user resources across the Satellite. T he spacewalk-report command is used to generate reports on: System Inventory — Lists all of the systems registered to the Satellite. Entitlements — Lists all organizations on the Satellite, sorted by system or channel entitlements.
Red Hat Network Satellite 5.4 Installation Guide 7.5. Errors Q: I'm getting an "Error validating satellite certificate" error during RHN Satellite installation. How do I fix it? A: An "Error validating satellite certificate" error during RHN Satellite installation is caused by having an HT T P proxy in the environment. T his can be confirmed by looking at the install.
Chapter 7. Troubleshooting RHN_PARENT: satellite.rhn.redhat.com Error reported from RHN: ERROR: unhandled XMLRPC fault upon remote activation: ERROR: Invalid satellite certificate T o resolve this issue, contact Red Hat support services for a new certificate.
Red Hat Network Satellite 5.4 Installation Guide 127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.com this_machine Replace the value here with the actual IP address of the Satellite. T his should resolve the problem. Keep in mind, if the specific IP address is stipulated, the file will need to be updated when the machine obtains a new address. Q: I'm getting a "T his server is not an entitled Satellite" when I try to synchronize the RHN Satellite server.
Chapter 8. Maintenance Chapter 8. Maintenance Because of the RHN Satellite's unique environment, its users are provided with abilities not available to any other Red Hat Network customers. In addition, the Satellite itself also requires maintenance. T his chapter discusses the procedures that should be followed to carry out administrative functions outside of standard use, as well as to apply patches to the RHN Satellite. 8.1.
Red Hat Network Satellite 5.4 Installation Guide time in downloading and reinstalling but would require additional disk space and back up time. Note Regardless of the back-up method used, when you restore the Satellite from a back-up, you must run the following command to schedule the recreation of search indexes the next time the rhnsearch service is started: /etc/init.d/rhn-search cleanindex 8.4. Using RHN DB Control RHN Satellite with Embedded Database requires a utility for managing that database.
Chapter 8. Maintenance Backup files are stored in the directory specified. Note that this is a cold backup; the database must be stopped before running this command. T his process takes several minutes. T he first backup is a good indicator of how long subsequent backups will take.
Red Hat Network Satellite 5.4 Installation Guide /sbin/service taskomatic stop You may use custom scripting or other means to establish automatic start-up/failover of the RHN T ask Engine on the secondary Satellite. Regardless, it will need to be started upon failover. 7. Share channel package data (by default located in /var/satellite) between the Satellites over some type of networked storage device. T his eliminates data replication and ensures a consistent store of data for each Satellite. 8.
Chapter 8. Maintenance Figure 8.2. User Delete Confirmation Many other options exist for managing users. You can find instructions for them in the RHN website chapter of the RHN Reference Guide. 8.8.2. Configuring Satellite Search Satellite Administrators may want to configure certain search options to customize search results for their own optimization requirements. RHN Satellite search results can be customized via the /etc/rhn/search.rhn-search.conf file.
Red Hat Network Satellite 5.4 Installation Guide Note T o ensure that PAM authentication functions properly, install the pam -devel package. Configuring RHN Satellite to use PAM 1. Create a PAM service file in the /etc/pam .d/ directory: touch /etc/pam.d/rhn-satellite 2. Edit the file with the following information: auth auth auth account account required sufficient required sufficient required pam_env.so pam_sss.so pam_deny.so pam_sss.so pam_deny.so 3.
Sample RHN Satellite Configuration File Sample RHN Satellite Configuration File T he /etc/rhn/rhn.conf configuration file for the RHN Satellite provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution. You should be particularly concerned with the following parameters: traceback_mail, default_db, and server.satellite.http_proxy.
Red Hat Network Satellite 5.4 Installation Guide Revision History Revision 2-10.4 00 Rebuild with publican 4.0.
Revision History - import process, Preparing Channel Content ISOs channel content ISOs - preparing, Preparing Channel Content ISOs channel package - default location - /var/satellite/ , Base Install chkconfig , Additional Requirements cloning satellite, Cloning the Satellite with Embedded DB Configuration Administrator - definition, T erms to Understand D database requirements - Oracle access level, Database Requirements database RPMs - default location - /opt/ , Base Install db-control - options, DB
Red Hat Network Satellite 5.
Revision History rogerthat01@{mail domain} , Sendmail Configuration S Satellite configuration - search, Configuring Satellite Search Satellite Installation Program - options, Options to the Satellite Installation Program Satellite Ports, Additional Requirements satellite redundancy, Establishing Redundant Satellites with Stand-Alone DB satellite-sync , Running the Import, Synchronizing Errata and Packages Directly via RHN - --step=channel-families , Running the Import - --step=channels , Running the Imp
