Red Hat NETWORK 3.6 - CLIENT Configuration Manual

Client configuration

Red Hat Network 3.6
Client Configuration Guide

Summary of Contents for Red Hat NETWORK 3.6 - CLIENT

  • Page 1 Red Hat Network 3.6 Client Configuration Guide...
  • Page 2 Red Hat Network 3.6: Client Configuration Guide Copyright © 2001 - 2004 by Red Hat, Inc. RHNclient-config(EN)-3.6-RHI (2004-12-07T20:04) Copyright © 2001 - 2004 by Red Hat, Inc. Red Hat, Red Hat Network, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc.
  • Page 3: Table Of Contents

    Table of Contents
    1. Introduction, 1
    2. Client Applications, 3
    2.1. Deploying the Latest Red Hat Network Client RPMs, 3
    2.2. Configuring the Client Applications, 3
    2.2.1. Registering with Activation Keys, 4
    2.2.2. Using the --configure Option, 4
    2.2.3.
  • Page 5: Introduction

    Chapter 1. Introduction This best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Server more easily configure their client systems. By default, all Red Hat Network client applications are configured to communicate with central Red Hat Network Servers.
  • Page 6 Chapter 1. Introduction...
  • Page 7: Client Applications

    Chapter 2. Client Applications Most of the enterprise-class features of Red Hat Network have required changes to the Red Hat Network client applications themselves. Of course, it’s difficult to get the latest versions of these applications until the systems are registered with Red Hat Network. This sort of chicken-and-egg problem is especially problematic for customers who want to migrate large numbers of older systems to Red Hat Network.
  • Page 8: Registering With Activation Keys

    Chapter 2. Client Applications 2.2. Configuring the Client Applications Not every customer will need to connect securely to an RHN Satellite Server or RHN Proxy Server within their organization. And not every customer will need to build and deploy a GPG key for custom packages.
  • Page 9: Using The --configure Option; 2.2.3. Updating The Configuration Files Manually

    Chapter 2. Client Applications 2.2.2. Using the --configure Option Both the Red Hat Network Registration Client and the Red Hat Update Agent that ship with Red Hat Enterprise Linux provide interfaces for configuring various settings. For full listings of these settings, refer to the chapters dedicated to the applications in the RHN Management Reference Guide.
  • Page 10 Chapter 2. Client Applications Warning Systems running Red Hat Enterprise Linux 3 or newer have registration functionality built into the Red Hat Update Agent and therefore do not have the Red Hat Network Registration Client installed. Systems running Red Hat Enterprise Linux 2.1 (and versions of Red Hat Linux prior to 8.0) still need to reconfigure and use the Red Hat Network Registration Client, as well as the Red Hat Update Agent.
  • Page 11: Configuring The Red Hat Network Alert Notification Tool With Satellite

    Chapter 2. Client Applications To configure the Red Hat Update Agent on the client systems connecting to the RHN Proxy Server or RHN Satellite Server, edit the values of the serverURL and noSSLServerURL settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Replace the default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN Proxy Server or RHN Satellite Server.
  • Page 12 Chapter 2. Client Applications 1. Ensure you’re running RHN Satellite Server 3.4 or later and have the package rhns-applet installed on the Satellite. The package can be found in the RHN Satellite software channel for versions 3.4 and newer. 2. Install the rhn-applet-actions package on all Red Hat Enterprise Linux 3 and newer systems to be notified of custom updates with the Red Hat Network Alert Notification Tool.
  • Page 13: Ssl Infrastructure

    Chapter 3. SSL Infrastructure For Red Hat Network customers, security concerns are of the utmost importance. One of the strengths of Red Hat Network is its ability to process every single request over Secure Sockets Layer, or SSL. To maintain this level of security, customers installing Red Hat Network within their infrastructures must generate custom SSL keys and certificates.
  • Page 14: The Rhn Ssl Maintenance Tool

    Chapter 3. SSL Infrastructure verifiable association between the Web server’s SSL public certificate and the CA SSL key pair and server’s private key. The Web server’s key set cannot be shared with other web servers. Important The most critical portion of this system is the CA SSL key pair. From that private key and public certificate an administrator can regenerate any Web server’s SSL key set.
  • Page 15: Ssl Generation Explained

    Chapter 3. SSL Infrastructure In short, if your organization’s RHN infrastructure deploys the latest version of RHN Satellite Server as its top-level service, you will likely have little need to use the tool. Otherwise, you will have to be familiar with its usage. 3.2.1.
  • Page 16 Chapter 3. SSL Infrastructure
    Option: Description
    --gen-ca: Generate a Certificate Authority (CA) key pair and public RPM. This must be issued with any of the remaining options in this table.
    --help: Display the help screen with a list of base options specific to generating and managing a Certificate Authority.
  • Page 17 Chapter 3. SSL Infrastructure
    Option: Description
    --key-only: Rarely used - Generate only a CA private key. Review --gen-ca --key-only --help for more information.
    --cert-only: Rarely used - Generate only a CA public certificate. Review --gen-ca --cert-only --help for more information.
    Rarely used - Generate only an RPM for deployment.
  • Page 18 Chapter 3. SSL Infrastructure
    Option: Description
    --set-org=ORGANIZATION: The company or organization. The default is Example Corp. Inc.
    --set-org-unit=ORGANIZATIONAL_HURT: The organizational unit. The default is section.
    --set-common-name=HOSTNAME: The common name, typically host plus domain name.
    --set-hostname=HOSTNAME: The hostname of the RHN Server to receive the key. The default is dynamically set to the build machine’s hostname.
  • Page 19: Generating The Certificate Authority Ssl Key Pair

    Chapter 3. SSL Infrastructure 3.2.3. Generating the Certificate Authority SSL Key Pair Before creating the SSL key set required by the Web server, you must have a Certificate Authority (CA) SSL key pair generated. A CA SSL public certificate gets distributed to client systems of the Satellite or Proxy.
  • Page 20: Deploying The Ca Ssl Public Certificate To Clients

    Chapter 3. SSL Infrastructure
    • rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm — prepared for distribution to RHN Servers. Its associated src.rpm file is also generated. This RPM contains the above three files. It will install them in these locations:
      • /etc/httpd/conf/ssl.key/server.key
      • /etc/httpd/conf/ssl.csr/server.csr
      • /etc/httpd/conf/ssl.crt/server.crt
    • rhn-server-openssl.cnf —...
  • Page 21: Importing Custom Gpg Keys

    Chapter 4. Importing Custom GPG Keys For customers who plan to build and distribute their own RPMs securely, it’s strongly recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating GPG keys and building GPG-signed packages are covered in the Red Hat Network Channel Management Guide. Once the packages are signed, the public key must be deployed on all systems importing these RPMs.
  • Page 22 Chapter 4. Importing Custom GPG Keys...
  • Page 23: Using Rhn Bootstrap

    Chapter 5. Using RHN Bootstrap Red Hat provides a tool designed to accomplish much of the reconfiguration described within this guide in one fell swoop: RHN Bootstrap. This tool plays an integral role in the RHN Satellite Server Installation Program, enabling generation of the bootstrap script during installation. But RHN Proxy Server customers and those who’ve updated their Satellite settings need a bootstrap tool that can be used separately.
  • Page 24: Generation

    Chapter 5. Using RHN Bootstrap
    • Red Hat recommends your RPMs be signed by a custom GNU Privacy Guard (GPG) key. Make the key available so you may refer to it from the script. Generate the key as described in the RHN Channel Management Guide and place the key in the /var/www/html/pub/ directory of the RHN...
  • Page 25: Rhn Bootstrap Options

    Chapter 5. Using RHN Bootstrap
    cat bootstrap-EDITED-NAME.sh | ssh root@CLIENT_MACHINE1 /bin/bash
    A less secure alternative is to use either wget or curl to retrieve and run the script from every client system. Log into each client machine and issue the following command, altering script and hostname accordingly:
    wget -qO- https://test.com/pub/bootstrap/bootstrap-EDITED-NAME.sh | /bin/bash
    Or with,...
  • Page 26 Chapter 5. Using RHN Bootstrap
    Option: Description
    --allow-config-actions: Boolean; including this option sets the system to allow all configuration actions via RHN. This requires installing certain rhncfg-* packages, possibly through an activation key.
    --allow-remote-commands: Boolean; including this option sets the system to allow arbitrary remote commands via RHN.
  • Page 27: Manually Scripting The Configuration

    \
    http://your_proxy_or_sat.your_domain.com/pub/up2date-3.0.7-1.i386.rpm \
    http://your_proxy_or_sat.your_domain.com/pub/up2date-gnome-3.0.7-1.i386.rpm
    # Second, reconfigure the clients to talk to the correct server.
    perl -p -i -e 's/www\.rhns\.redhat\.com/your_proxy_or_sat\.your_domain\.com/g' \
        /etc/sysconfig/rhn/rhn_register \
        /etc/sysconfig/rhn/up2date
    # Third, install the SSL client certificate for your company's
    # RHN Satellite Server or RHN Proxy Server.
  • Page 28 Chapter 6. Manually Scripting the Configuration Like its components, this script may be centrally located. By placing this script in the /pub/ directory of the server, running wget -O- on it, and piping the output to a shell session, one may run the entire bootstrap process with a single command from each client:
    wget -O- http://your_proxy_or_sat.your_domain.com/pub/bootstrap_script | bash...
  • Page 29: Implementing Kickstart

    # of these options, consult the Red Hat Linux Customization Guide.
    lang en_US
    langsupport --default en_US en_US
    keyboard defkeymap
    network --bootproto dhcp
    install
    url --url ftp://ftp.widgetco.com/pub/redhat/linux/7.2/en/os/i386
    zerombr yes
    clearpart --all
    part /boot --size 128 --fstype ext3 --ondisk hda
    part /...
  • Page 30 Chapter 7. Implementing Kickstart
    @ Games and Entertainment
    @ Sound and Multimedia Support
    # Now for the interesting part.
    %post
    ( # Note that we run the entire %post section as a subshell for logging.
    # Remember that nifty one-line command for the bootstrap script that we
    # went through? This is an ideal place for it.
  • Page 31: Sample Bootstrap Script

    Appendix A. Sample Bootstrap Script The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Server installation program and available to both Satellite and RHN Proxy Server customers through the use of RHN Bootstrap provides the ability to reconfigure client systems to use the RHN Server easily.
  • Page 32 Appendix A. Sample Bootstrap Script
    echo "following:"
    echo " - copy this file to a name specific to it’s use."
    echo " (e.g., to bootstrap-SOME_NAME.sh - like bootstrap-web-servers.sh.)"
    echo " - on the website create an activation key or keys for the system(s) to"
    echo "...
  • Page 33 Appendix A. Sample Bootstrap Script
    HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub
    HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub
    # Fall back to plain HTTP for downloads when SSL is disabled.
    if [ $USING_SSL -eq 0 ] ; then
        HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY}
    fi
    echo
    echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES"
    echo "-------------------------------------------------"
    echo "* downloading necessary files"
    echo " client_config_update.py..."
    rm -f client_config_update.py
    $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/client_config_update.py
    echo " ${CLIENT_OVERRIDES}..."
    rm -f ${CLIENT_OVERRIDES}
    $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES}
    if [ ! -f "client_config_update.py"...
  • Page 34 Appendix A. Sample Bootstrap Script
    # Should have created an activation key or keys on the RHN Server’s
    # website and edited the value of ACTIVATION_KEYS above.
    # If you require use of several different activation keys, copy this file and
    # change the string as needed.
  • Page 35: Index

    Index
    generating the script, 20
    preparing, 19
    using, 19
    using the script, 20
    Symbols
    --configure
      use of, 5
    activation keys
      registering with, 4
    RHN SSL Maintenance Tool
      generating the CA, 15
      generating the server certificate, 15
      generation explained, 11
      options, 11
      rhn-ssl-tool, 10
    rhn-ssl-tool
      generating the CA, 15
      generating the server certificate, 15...
