Red Hat NETWORK 4.0 - CLIENT Configuration Manual

Client configuration

Red Hat Network 4.0
Client Configuration Guide


Summary of Contents for Red Hat NETWORK 4.0 - CLIENT

  • Page 1 Red Hat Network 4.0 Client Configuration Guide...
  • Page 2 All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
  • Page 3: Table Of Contents

    Table of Contents
    1. Introduction .... 1
    2. Client Applications .... 3
    2.1. Deploying the Latest Red Hat Network Client RPMs .... 3
    2.2. Configuring the Client Applications .... 4
    2.2.1. Registering with Activation Keys .... 5
    2.2.2. Using the --configure Option .... 5
    2.2.3. Updating the Configuration Files Manually .... 8
    2.2.4.
  • Page 5: Introduction

    Chapter 1. Introduction This best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Server configure their client systems more easily. By default, all Red Hat Network client applications are configured to communicate with central Red Hat Network Servers. When connecting clients to RHN Satellite Server or RHN Proxy Server instead, many of these settings must be altered.
  • Page 6 Chapter 1. Introduction...
  • Page 7: Client Applications

    Chapter 2. Client Applications In order to utilize most enterprise-class features of Red Hat Network, such as registering with a RHN Satellite, configuration of the latest client applications is required. Obtaining these applications before the client has registered with Red Hat Network can be difficult. This paradox is especially problematic for customers migrating large numbers of older systems to Red Hat Network.
  • Page 8: Configuring The Client Applications

    Chapter 2. Client Applications those RPMs onto his client systems with a simple rpm -Uvh command. Run from a client, this command installs the RPMs to that client, assuming the domain name, paths, and RPM versions are correct: rpm -Uvh \ http://your_proxy_or_sat.your_domain.com/pub/rhn_register-2.9.12-1.2.1AS.i386.rpm \ http://your_proxy_or_sat.your_domain.com/pub/rhn_register-gnome-2.9.12-1.2.1AS.i386 http://your_proxy_or_sat.your_domain.com/pub/up2date-2.9.14-1.2.1AS.i386.rpm \...
  • Page 9: Registering With Activation Keys

    Chapter 2. Client Applications --configure, and manually updating the configuration files. (To see how virtually all reconfiguration can be scripted, see Chapter 6 Manually Scripting the Configuration.) 2.2.1. Registering with Activation Keys Red Hat recommends using activation keys for registering and configuring client systems that access RHN Proxy Server or RHN Satellite Server.
  • Page 10: Using The 2.2.3. Updating The Configuration Files Manually

    Chapter 2. Client Applications 2.2.2. Using the --configure Option Both the Red Hat Network Registration Client and the Red Hat Update Agent that ship with Red Hat Enterprise Linux provide interfaces for configuring various settings. For full listings of these settings, refer to the chapters dedicated to the applications in the RHN Management Reference Guide.
  • Page 11 Chapter 2. Client Applications Figure 2-1. Red Hat Update Agent GUI Configuration Make sure you enter the domain name of your RHN Satellite Server or RHN Proxy Server correctly. Entering an incorrect domain or leaving the field blank may prevent from launching.
  • Page 12 Chapter 2. Client Applications /usr/bin/rhn_register --configure You are presented with a dialog box offering basic settings that may be reconfigured. Under Select a Red Hat Network server to use, replace the default value with the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as https://your_proxy_or_sat.your_domain.com/XMLRPC.
  • Page 13 Chapter 2. Client Applications settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Replace the default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN Proxy Server or RHN Satellite Server. For example:
    serverURL[comment]=Remote server URL
    serverURL=https://your_primary.your_domain.com/XMLRPC
    noSSLServerURL[comment]=Remote server URL without SSL
    noSSLServerURL=http://your_primary.your_domain.com/XMLRPC...
  • Page 14: Implementing Server Failover

    Chapter 2. Client Applications 2.2.4. Implementing Server Failover Beginning with up2date-4.2.38, the Red Hat Update Agent can be configured to seek updates from a series of RHN Servers. This can be especially helpful in sustaining constant updates if your primary RHN Proxy Server or RHN Satellite Server may be taken offline. To use this feature, first ensure that you are running the required version of up2date.
  • Page 15 Chapter 2. Client Applications 3. Within the Satellite’s version of the RHN website, go to the System Details page for each system and click the link within the RHN Applet area to redirect the Red Hat Network Alert Notification Tool to the Satellite. The next time the applet is started, it will apply its new configuration and connect to the RHN Satellite Server for updates.
  • Page 16 Chapter 2. Client Applications...
  • Page 17: Ssl Infrastructure

    Chapter 3. SSL Infrastructure For Red Hat Network customers, security concerns are of the utmost importance. One of the strengths of Red Hat Network is its ability to process every single request over Secure Sockets Layer, or SSL. To maintain this level of security, customers installing Red Hat Network within their infrastructures must generate custom SSL keys and certificates.
  • Page 18: The Rhn Ssl Maintenance Tool

    Chapter 3. SSL Infrastructure
    • Certificate Authority (CA) SSL private key and public certificate — only one set per organization generally generated. The public certificate is digitally signed by its private key. The public certificate is distributed to every system.
    • Web server SSL private key and public certificate —...
  • Page 19: Ssl Generation Explained

    Chapter 3. SSL Infrastructure Note: rhns-certs-tools, which contains rhn-ssl-tool, can be installed and run on any current Red Hat Enterprise Linux system with minimal requirements. This is offered as a convenience for administrators who wish to manage their SSL infrastructure from their workstation or another system other than their RHN Server(s).
  • Page 20: Rhn Ssl Maintenance Tool Options

    Chapter 3. SSL Infrastructure any machine that has the rhns-certs-tools package installed. Portability exists in a build structure that can be stored anywhere for safe keeping and then installed wherever the need arises. Again, if your infrastructure’s top-level RHN Server is the most current RHN Satellite Server, the most you may have to do is restore your ssl-build tree from an archive to...
  • Page 21 Chapter 3. SSL Infrastructure This set of options must be preceded by the --gen-ca argument:
      Option: Description
      --gen-ca: Generate a Certificate Authority (CA) key pair and public RPM. This must be issued with any of the remaining options in this table.
      --help: Display the help screen with a list of base options specific to generating...
  • Page 22 Chapter 3. SSL Infrastructure
      Option: Description
      --set-org-unit=SET_ORG_UNIT: The organizational unit, such as RHN. The default is ”.
      --set-common-name=HOSTNAME: Not typically set for the CA. - The common name.
      --set-email=EMAIL: Not typically set for the CA. - The email address.
      --rpm-packager=PACKAGER: Packager of the generated RPM, such as "RHN Admin (rhn-admin@example.com)."...
  • Page 23 Chapter 3. SSL Infrastructure
      Option: Description
      --gen-server: Generate the Web server’s SSL key set, RPM and tar archive. This must be issued with any of the remaining options in this table.
      --help: Display the help screen with a list of base options specific to generating and managing a server key-pair.
  • Page 24 Chapter 3. SSL Infrastructure
      Option: Description
      --set-city=CITY_OR_LOCALITY: The city or locality. The default is Raleigh.
      --set-org=ORGANIZATION: The company or organization, such as Red Hat. The default is Example Corp. Inc.
      --set-org-unit=SET_ORG_UNIT: The organizational unit, such as RHN. The default is unit.
      --set-hostname=HOSTNAME: The hostname of the RHN Server to receive the key.
  • Page 25: Generating The Certificate Authority Ssl Key Pair

    Chapter 3. SSL Infrastructure
      Option: Description
      --no-rpm: Rarely used - Conduct all server-related steps except RPM generation.
      --server-rpm=SERVER_RPM: Rarely changed - RPM name that houses the Web server’s SSL key set (the base filename, not filename-version-release.noarch.rpm).
      --server-tar=SERVER_TAR: Rarely changed - Name of .tar archive of the Web server’s SSL key set and CA public certificate that is used...
  • Page 26: Generating Web Server Ssl Key Sets

    Chapter 3. SSL Infrastructure
    • rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm — the RPM prepared for distribution to client systems. It contains the CA SSL public certificate (above) and installs it in this location: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
    • rhn-ca-openssl.cnf — the SSL CA configuration file
    • ... — always lists the latest versions of the relevant files.
  • Page 27: Deploying The Ca Ssl Public Certificate To Clients

    Chapter 3. SSL Infrastructure
    • rhn-server-openssl.cnf — the Web server’s SSL configuration file
    • latest.txt — always lists the latest versions of the relevant files.
    Once finished, you’re ready to distribute and install the RPM on its respective RHN Server. Note that the httpd service must be restarted after installation:...
  • Page 28 Chapter 3. SSL Infrastructure registering and configuring client systems. Please refer to Chapter 5 Using RHN Bootstrap for details.
  • Page 29: Importing Custom Gpg Keys

    Chapter 4. Importing Custom GPG Keys For customers who plan to build and distribute their own RPMs securely, it is strongly recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating GPG keys and building GPG-signed packages are covered in the Red Hat Network Channel Management Guide.
  • Page 30 Chapter 4. Importing Custom GPG Keys...
  • Page 31: Using Rhn Bootstrap

    Chapter 5. Using RHN Bootstrap Red Hat Network provides a tool that automates much of the manual reconfiguration described in previous chapters: RHN Bootstrap. This tool plays an integral role in the RHN Satellite Server Installation Program, enabling generation of the bootstrap script during installation.
  • Page 32: Preparation

    Chapter 5. Using RHN Bootstrap 5.1. Preparation Since RHN Bootstrap (rhn-bootstrap) depends on other components of the Red Hat Network infrastructure to properly configure client systems, those components must be prepared before script generation. The following list identifies suggested initial measures: Generate activation keys to be called by the script(s).
  • Page 33: Script Use

    Chapter 5. Using RHN Bootstrap
    • Use the --activation-keys option to include keys, taking into account the entitlement requirements identified in Section 5.1 Preparation.
    • Use the --gpg-key option to identify the key path and filename during script generation.
  • Page 34: Rhn Bootstrap Options

    Chapter 5. Using RHN Bootstrap When this script has been run on each client system, all should be configured to use the RHN Server. 5.4. RHN Bootstrap Options The RHN Bootstrap offers many command line options for creating client bootstrap scripts.
  • Page 35 Chapter 5. Using RHN Bootstrap
      Option: Description
      --http-proxy=HTTP_PROXY: The HTTP proxy setting for the client systems in the form hostname:port. A value of "" disables this setting.
      --http-proxy-username=HTTP_PROXY_USERNAME: If using an authenticating HTTP proxy, specify a username. A value of "" disables this setting.
      --http-proxy-password=HTTP_PROXY_PASSWORD: If using an authenticating HTTP proxy, specify a password.
  • Page 36 Chapter 5. Using RHN Bootstrap
      Option: Description
      --force: Not recommended - Boolean; including this option forces bootstrap script generation despite warnings.
      --verbose: Display verbose messaging. Accumulative; -vvv causes extremely verbose messaging.
    Table 5-1. RHN Bootstrap Options...
  • Page 37: Manually Scripting The Configuration

    \
    http://proxy-or-sat.example.com.com/pub/up2date-gnome-3.0.7-1.i386.rpm

    # Second, reconfigure the clients to talk to the correct server.
    perl -p -i -e 's/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
        /etc/sysconfig/rhn/rhn_register \
        /etc/sysconfig/rhn/up2date

    # Third, install the SSL client certificate for your company's
    # RHN Satellite Server or RHN Proxy Server.
  • Page 38 Chapter 6. Manually Scripting the Configuration Remember, the sixth step is documented here as it pertains to systems running Red Hat Linux 3 or newer. For Red Hat Enterprise Linux 2.1, use the following command instead: gpg $(up2date --gpg-flags) --import /path/to/YOUR-RPM-GPG-KEY This script comprises a clean and repeatable process that should fully configure any potential Red Hat Network client in preparation for registration to an RHN Proxy Server or RHN Satellite Server.
  • Page 39: Implementing Kickstart

    # explanation of these options, consult the Red Hat Linux Customization
    # Guide.
    lang en_US
    langsupport --default en_US en_US
    keyboard defkeymap
    network --bootproto dhcp
    install
    url --url ftp://ftp.widgetco.com/pub/redhat/linux/7.2/en/os/i386
    zerombr yes
    clearpart --all
    part /boot --size 128 --fstype ext3 --ondisk hda
    part / --size 2048 --grow --fstype ext3 --ondisk hda...
  • Page 40 Chapter 7. Implementing Kickstart
    reboot
    # Define a standard set of packages. Note: Red Hat Network client
    # packages are found in Base. This is quite a minimal set of packages;
    # your mileage may vary.
    %packages
    @ Base
    @ Utilities
    @ GNOME
    @ Laptop Support
    @ Dialup Support...
  • Page 41: Sample Bootstrap Script

    Appendix A. Sample Bootstrap Script The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Server installation program provides the ability to reconfigure client systems to access your RHN Server easily. It is available to both RHN Satellite Server and RHN Proxy Server customers through the RHN Bootstrap tool. After modifying the script for your particular use, it can be run on each client machine.
  • Page 42 Appendix A. Sample Bootstrap Script # PROVISIONING/KICKSTART NOTE: If provisioning a client, ensure the proper CA SSL public certificate is configured properly in the post section of your kickstart profiles (the RHN Satellite or hosted web user interface). # UP2DATE/RHN_REGISTER VERSIONING NOTE: This script will not work with very old versions of up2date and rhn_register.
  • Page 43 Appendix A. Sample Bootstrap Script
    ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT
    ORG_CA_CERT_IS_RPM_YN=0
    USING_SSL=1
    USING_GPG=1
    REGISTER_THIS_BOX=1
    ALLOW_CONFIG_ACTIONS=0
    ALLOW_REMOTE_COMMANDS=0
    FULLY_UPDATE_THIS_BOX=1
    # -----------------------------------------------------------------------------
    # DO NOT EDIT BEYOND THIS POINT -----------------------------------------------
    # -----------------------------------------------------------------------------
    # an idea from Erich Morisse (of Red Hat).
    # use either wget *or* curl
    if [ -x /usr/bin/wget ] ;...
  • Page 44 Appendix A. Sample Bootstrap Script exit 1 echo "* running the update scripts" if [ -f "/etc/sysconfig/rhn/rhn_register" ] ; then echo " . rhn_register config file" /usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/rhn_register \ ${CLIENT_OVERRIDES} echo " . up2date config file" /usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/up2date \ ${CLIENT_OVERRIDES} if [ ! -z "$ORG_GPG_KEY"...
  • Page 45 Appendix A. Sample Bootstrap Script echo " corresponding key or keys string (XKEY,YKEY,...) must be mapped to" echo " the ACTIVATION_KEYS variable of this script." exit 1 if [ $REGISTER_THIS_BOX -eq 1 ] ; then echo "* registering" /usr/sbin/rhnreg_ks --force --activationkey "$ACTIVATION_KEYS" echo echo "*** this system should now be registered, please verify ***"...
  • Page 46 Appendix A. Sample Bootstrap Script...
  • Page 47: Index

    Index
    Symbols
      --configure: use of, 6
    Red Hat Network Alert Notification Tool: configuration for Satellite, 10
    Red Hat Network Registration Client: configuring to use RHN Proxy Server or RHN Satellite Server, 9
    Red Hat Update Agent: configuring to use RHN Proxy Server or RHN Satellite Server, 8
    RHN Bootstrap: command line options, 30...
