Red Hat NETWORK 3.7 - CLIENT Configuration Manual

Client configuration

Red Hat Network 3.7
Client Configuration Guide


Summary of Contents for Red Hat NETWORK 3.7 - CLIENT

  • Page 1 Red Hat Network 3.7 Client Configuration Guide...
  • Page 2 All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
  • Page 3: Table Of Contents

    Table of Contents
    1. Introduction ... 1
    2. Client Applications ... 3
    2.1. Deploying the Latest Red Hat Network Client RPMs ... 3
    2.2. Configuring the Client Applications ... 3
    2.2.1. Registering with Activation Keys ... 4
    2.2.2. Using the --configure Option ... 4
    2.2.3.
  • Page 5: Introduction

    Chapter 1. Introduction This best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Server more easily configure their client systems. By default, all Red Hat Network client applications are configured to communicate with central Red Hat Network Servers.
  • Page 6 Chapter 1. Introduction...
  • Page 7: Client Applications

    Chapter 2. Client Applications Most of the enterprise-class features of Red Hat Network have required changes to the Red Hat Network client applications themselves. Of course, it’s difficult to get the latest versions of these applications until the systems are registered with Red Hat Network. This sort of chicken-and-egg problem is especially problematic for customers who want to migrate large numbers of older systems to Red Hat Network.
  • Page 8: Registering With Activation Keys

    Chapter 2. Client Applications 2.2. Configuring the Client Applications Not every customer will need to connect securely to an RHN Satellite Server or RHN Proxy Server within their organization. And not every customer will need to build and deploy a GPG key for custom packages.
  • Page 9: Using The --configure Option; 2.2.3. Updating The Configuration Files Manually

    Chapter 2. Client Applications 2.2.2. Using the --configure Option Both the Red Hat Network Registration Client and the Red Hat Update Agent that ship with Red Hat Enterprise Linux provide interfaces for configuring various settings. For full listings of these settings, refer to the chapters dedicated to the applications in the RHN Management Reference Guide.
  • Page 10 Chapter 2. Client Applications Warning Systems running Red Hat Enterprise Linux 3 or newer have registration functionality built into the Red Hat Update Agent and therefore do not have the Red Hat Network Registration Client installed. Systems running Red Hat Enterprise Linux 2.1 (and versions of Red Hat Linux prior to 8.0) still need to reconfigure and use the Red Hat Network Registration Client, as well as the Red Hat Update Agent.
  • Page 11: Implementing Server Failover

    Chapter 2. Client Applications To configure the Red Hat Update Agent on the client systems connecting to the RHN Proxy Server or RHN Satellite Server, edit the values of the serverURL and noSSLServerURL settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Replace the default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN Proxy Server or RHN Satellite Server.
  • Page 12: Configuring The Red Hat Network Alert Notification Tool With Satellite

    Chapter 2. Client Applications

        serverURL[comment]=Remote server URL
        serverURL=https://your_primary.your_domain.com/XMLRPC;https://your_secondary.your_domain.com/X
        noSSLServerURL[comment]=Remote server URL without SSL
        noSSLServerURL=http://your_primary.your_domain.com/XMLRPC;https://your_secondary.your_domain.com/X

    The servers are attempted in the order provided here. You can include as many servers as you wish. You may list the central RHN Servers, as well. This makes sense, however, only if the client systems can reach the Internet.
  • Page 13: Ssl Infrastructure

    Chapter 3. SSL Infrastructure For Red Hat Network customers, security concerns are of the utmost importance. One of the strengths of Red Hat Network is its ability to process every single request over Secure Sockets Layer, or SSL. To maintain this level of security, customers installing Red Hat Network within their infrastructures must generate custom SSL keys and certificates.
  • Page 14: The Rhn Ssl Maintenance Tool

    Chapter 3. SSL Infrastructure verifiable association between the Web server’s SSL public certificate and the CA SSL key pair and server’s private key. The Web server’s key set cannot be shared with other web servers. Important The most critical portion of this system is the CA SSL key pair. From that private key and public certificate an administrator can regenerate any Web server’s SSL key set.
  • Page 15: Ssl Generation Explained

    Chapter 3. SSL Infrastructure SSL information needed to configure, build and deploy the RHN Proxy Server’s SSL keys and certificates. The installation procedures of both the RHN Satellite Server and the RHN Proxy Server ensure the CA SSL public certificate is deployed to the directory of each server.
  • Page 16 Chapter 3. SSL Infrastructure The two tables here break down the options by their related task, either CA or Web server SSL key set generation. The first set of options (CA) should be preceded by the --gen-ca argument, while the second set (Web server) should be preceded by the argument.
  • Page 17 Chapter 3. SSL Infrastructure
    Option: Description
    --key-only: Rarely used - Generate only a CA private key. Review --gen-ca --key-only --help for more information.
    --cert-only: Rarely used - Generate only a CA public certificate. Review --gen-ca --cert-only --help for more information.
    Rarely used - Generate only an RPM for deployment.
  • Page 18: Generating The Certificate Authority Ssl Key Pair

    Chapter 3. SSL Infrastructure
    Option: Description
    --set-org=ORGANIZATION: The company or organization, such as Red Hat. The default is Example Corp. Inc.
    --set-org-unit=SET_ORG_UNIT: The organizational unit, such as RHN. The default is unit.
    --set-hostname=HOSTNAME: The hostname of the RHN Server to receive the key. The default is dynamically set to the build machine’s hostname.
  • Page 19: Generating Web Server Ssl Key Sets

    Chapter 3. SSL Infrastructure Satellite or Proxy. The RHN SSL Maintenance Tool allows you to generate a CA SSL key pair if needed and re-use it for all subsequent RHN server deployments. The build process automatically creates the key pair and public RPM for distribution to clients. All CA components end up in the build directory specified at the command line, typically /root/ssl-build for older Satellites and Proxies).
  • Page 20: Deploying The Ca Ssl Public Certificate To Clients

    Chapter 3. SSL Infrastructure
    • /etc/httpd/conf/ssl.csr/server.csr
    • /etc/httpd/conf/ssl.crt/server.crt
    • rhn-server-openssl.cnf — the Web server’s SSL configuration file
    • latest.txt — always lists the latest versions of the relevant files.
    Once finished, you’re ready to distribute and install the RPM on its respective RHN Server. Note that the httpd service must be restarted after installation:
    /sbin/service httpd restart...
  • Page 21: Importing Custom Gpg Keys

    Chapter 4. Importing Custom GPG Keys For customers who plan to build and distribute their own RPMs securely, it’s strongly recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating GPG keys and building GPG-signed packages are covered in the Red Hat Network Channel Management Guide. Once the packages are signed, the public key must be deployed on all systems importing these RPMs.
  • Page 22 Chapter 4. Importing Custom GPG Keys...
  • Page 23: Using Rhn Bootstrap

    Chapter 5. Using RHN Bootstrap Red Hat provides a tool designed to accomplish much of the reconfiguration described within this guide in one fell swoop: RHN Bootstrap. This tool plays an integral role in the RHN Satellite Server Installation Program, enabling generation of the bootstrap script during installation. But RHN Proxy Server customers and those who’ve updated their Satellite settings need a bootstrap tool that can be used separately.
  • Page 24: Generation

    Chapter 5. Using RHN Bootstrap
    • Red Hat recommends your RPMs be signed by a custom GNU Privacy Guard (GPG) key. Make the key available so you may refer to it from the script. Generate the key as described in the RHN Channel Management Guide and place the key in the /var/www/html/pub/ directory of the RHN...
  • Page 25: Rhn Bootstrap Options

    Chapter 5. Using RHN Bootstrap
    cat bootstrap-EDITED-NAME.sh | ssh root@CLIENT_MACHINE1 /bin/bash
    A less secure alternative is to use either wget or curl to retrieve and run the script from every client system. Log into each client machine and issue the following command, altering script and hostname accordingly:
    wget -qO- https://test.com/pub/bootstrap/bootstrap-EDITED-NAME.sh | /bin/bash
    Or with,...
  • Page 26 Chapter 5. Using RHN Bootstrap
    Option: Description
    --allow-config-actions: Boolean; including this option sets the system to allow all configuration actions via RHN. This requires installing certain rhncfg-* packages, possibly through an activation key.
    --allow-remote-commands: Boolean; including this option sets the system to allow arbitrary remote commands via RHN.
  • Page 27: Manually Scripting The Configuration

    \
    http://your_proxy_or_sat.your_domain.com/pub/up2date-3.0.7-1.i386.rpm \
    http://your_proxy_or_sat.your_domain.com/pub/up2date-gnome-3.0.7-1.i386.rpm

    # Second, reconfigure the clients to talk to the correct server.
    perl -p -i -e 's/www\.rhns\.redhat\.com/your_proxy_or_sat\.your_domain\.com/g' \
        /etc/sysconfig/rhn/rhn_register \
        /etc/sysconfig/rhn/up2date

    # Third, install the SSL client certificate for your company's
    # RHN Satellite Server or RHN Proxy Server.
  • Page 28 Chapter 6. Manually Scripting the Configuration Like its components, this script may be centrally located. By placing this script in the /pub/ directory of the server, running wget -O- on it, and piping the output to a shell session, one may run the entire bootstrap process with a single command from each client:
    wget -O- http://your_proxy_or_sat.your_domain.com/pub/bootstrap_script | bash...
  • Page 29: Implementing Kickstart

    # of these options, consult the Red Hat Linux Customization Guide.
    lang en_US
    langsupport --default en_US en_US
    keyboard defkeymap
    network --bootproto dhcp
    install
    url --url ftp://ftp.widgetco.com/pub/redhat/linux/7.2/en/os/i386
    zerombr yes
    clearpart --all
    part /boot --size 128 --fstype ext3 --ondisk hda
    part /...
  • Page 30 Chapter 7. Implementing Kickstart
    @ Games and Entertainment
    @ Sound and Multimedia Support

    # Now for the interesting part.
    %post
    ( # Note that we run the entire %post section as a subshell for logging.
    # Remember that nifty one-line command for the bootstrap script that we
    # went through? This is an ideal place for it.
  • Page 31: Sample Bootstrap Script

    Appendix A. Sample Bootstrap Script The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Server installation program and available to both Satellite and RHN Proxy Server customers through the use of RHN Bootstrap provides the ability to reconfigure client systems to use the RHN Server easily.
  • Page 32 Appendix A. Sample Bootstrap Script
    echo "following:"
    echo " - copy this file to a name specific to it’s use."
    echo " (e.g., to bootstrap-SOME_NAME.sh - like bootstrap-web-servers.sh.)"
    echo " - on the website create an activation key or keys for the system(s) to"
    echo "...
  • Page 33 Appendix A. Sample Bootstrap Script
    HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub
    HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub
    # Fall back to plain HTTP when SSL is disabled.
    if [ $USING_SSL -eq 0 ] ; then
        HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY}
    fi

    echo
    echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES"
    echo "-------------------------------------------------"
    echo "* downloading necessary files"
    echo " client_config_update.py..."
    rm -f client_config_update.py
    $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/client_config_update.py
    echo " ${CLIENT_OVERRIDES}..."
    rm -f ${CLIENT_OVERRIDES}
    $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES}
    if [ ! -f "client_config_update.py"...
  • Page 34 Appendix A. Sample Bootstrap Script
    # Should have created an activation key or keys on the RHN Server’s
    # website and edited the value of ACTIVATION_KEYS above.
    # If you require use of several different activation keys, copy this file and
    # change the string as needed.
  • Page 35: Index

