Red Hat NETWORK SATELLITE 5.1.0 - CLIENT Configuration Manual

Client configuration

Red Hat Network Satellite
Client Configuration
Guide 5.1.0
5.1
ISBN: N/A
Publication date:

Summary of Contents for Red Hat NETWORK SATELLITE 5.1.0 - CLIENT

  • Page 1 Red Hat Network Satellite Client Configuration Guide 5.1.0 ISBN: N/A Publication date:...
  • Page 2 Red Hat Network Satellite...
  • Page 3 All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
  • Page 4 Red Hat Network Satellite...
  • Page 5: Table Of Contents

    1. Introduction (page 1)
    2. Client Applications (page 3)
       1. Deploying the Latest Red Hat Network Client RPMs (page 3)
       2. Configuring the Client Applications (page 4)
          2.1. Registering with Activation Keys (page 5)
          2.2. Using the --configure Option (page 6)
          2.3.
  • Page 7: Introduction

    Chapter 1. Introduction This best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Server configure their client systems more easily. By default, all Red Hat Network client applications are configured to communicate with central Red Hat Network Servers.
  • Page 9: Client Applications

    Chapter 2. Client Applications In order to utilize most enterprise-class features of Red Hat Network, such as registering with a RHN Satellite, configuration of the latest client applications is required. Obtaining these applications before the client has registered with Red Hat Network can be difficult. This paradox is especially problematic for customers migrating large numbers of older systems to Red Hat Network.
  • Page 10: Configuring The Client Applications

    rpm -Uvh \
    http://your_proxy_or_sat.your_domain.com/pub/rhn_register-2.9.12-1.2.1AS.i386.rpm \
    http://your_proxy_or_sat.your_domain.com/pub/rhn_register-gnome-2.9.12-1.2.1AS.i386.rpm \
    http://your_proxy_or_sat.your_domain.com/pub/up2date-2.9.14-1.2.1AS.i386.rpm \
    http://your_proxy_or_sat.your_domain.com/pub/up2date-gnome-2.9.14-1.2.1AS.i386.rpm

    Note the inclusion of the associated gnome RPMs. Keep in mind, the architecture (in this case, i386) may need to be altered depending on the systems to be served. 2.
  • Page 11: Registering With Activation Keys

    2.1. Registering with Activation Keys Red Hat recommends using activation keys for registering and configuring client systems that access RHN Proxy Server or RHN Satellite Server. Activation keys can be used to register, entitle, and subscribe systems in a batch. Refer to the Activation Keys section of the Red Hat Update Agent chapter within the RHN Management Reference Guide for instructions on use.
  • Page 12: Using The --Configure Option

    2.2. Using the --configure Option Both the Red Hat Network Registration Client and the Red Hat Update Agent that ship with Red Hat Enterprise Linux provide interfaces for configuring various settings. For full listings of these settings, refer to the chapters dedicated to the applications in the RHN Management Reference Guide.
  • Page 13 Using the --configure Option Figure 2.1. Red Hat Update Agent GUI Configuration Make sure you enter the domain name of your RHN Satellite Server or RHN Proxy Server correctly. Entering an incorrect domain or leaving the field blank may prevent up2date from launching.
  • Page 14: Updating The Configuration Files Manually

    steps. As root, run the following command: /usr/bin/rhn_register --configure You are presented with a dialog box offering basic settings that may be reconfigured. Under Select a Red Hat Network server to use, replace the default value with the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as .
  • Page 15: Implementing Server Failover

    reconfigure the Red Hat Network Registration Client and the Red Hat Update Agent by editing the applications' configuration files. To configure Red Hat Update Agent on the client systems connecting to the RHN Proxy Server or RHN Satellite Server, edit the values of the serverURL and noSSLServerURL settings in the...
  • Page 16: Configuring The Red Hat Network Alert Notification Tool With Satellite

    Beginning with up2date-4.2.38, the Red Hat Update Agent can be configured to seek updates from a series of RHN Servers. This can be especially helpful in sustaining constant updates if your primary RHN Proxy Server or RHN Satellite Server may be taken offline. To use this feature, first ensure that you are running the required version of .
  • Page 17: Ssl Infrastructure

    Chapter 3. SSL Infrastructure For Red Hat Network customers, security concerns are of the utmost importance. One of the strengths of Red Hat Network is its ability to process every single request over Secure Sockets Layer, or SSL. To maintain this level of security, customers installing Red Hat Network within their infrastructures must generate custom SSL keys and certificates.
  • Page 18: The Rhn Ssl Maintenance Tool

    Chapter 3. SSL Infrastructure often refer to a Web server's key set; this is because there is an intermediary SSL certificate request that is generated. The details of what this is used for are not important to this discussion. All three are deployed to an RHN Server. Here's a scenario: If you have one RHN Satellite Server and five RHN Proxy Servers, you will generate one CA SSL key pair and six Web server SSL key sets.
  • Page 19: Ssl Generation Explained

    SSL Generation Explained is offered as a convenience for administrators who wish to manage their SSL infrastructure from their workstation or another system other than their RHN Server(s). Here are the cases in which the tool is required: • When updating your CA public certificate - this is rare. •...
  • Page 20: Rhn Ssl Maintenance Tool Options

    that has the rhns-certs-tools package installed. Portability exists in a build structure that can be stored anywhere for safe keeping and then installed wherever the need arises. Again, if your infrastructure's top-level RHN Server is the most current RHN Satellite Server, the most you may have to do is restore your tree from an archive to the directory...
  • Page 21 RHN SSL Maintenance Tool Options This set of options must be preceded by the --gen-ca argument:

    Option: Description
    --gen-ca: Generate a Certificate Authority (CA) key pair and public RPM. This must be issued with any of the remaining options in this table.
    --help: Display the help screen with a list of base options specific to generating and...
  • Page 22 Chapter 3. SSL Infrastructure

    Option: Description
    (rhn-admin@example.com)."
    --rpm-vendor=VENDOR: Vendor of the generated RPM, such as "IS/IT Example Corp."
    --verbose: Display verbose messaging. Accumulative - added "v"s result in increasing detail.
    --ca-cert-rpm=CA_CERT_RPM: Rarely changed - RPM name that houses the CA certificate (the base filename, not filename-version-release.noarch.rpm).
  • Page 23 RHN SSL Maintenance Tool Options

    Option: Description
    --dir=BUILD_DIRECTORY: Required for most commands - The directory where certificates and RPMs are built. The default is ./ssl-build
    --server-key=FILENAME: The Web server's SSL private key filename. The default is server.key
    --server-cert-req=FILENAME: The Web server's SSL certificate request filename.
  • Page 24: Generating The Certificate Authority Ssl Key Pair

    Option: Description
    --rpm-vendor=VENDOR: Vendor of the generated RPM, such as "IS/IT Example Corp."
    --verbose: Display verbose messaging. Accumulative - added "v"s result in increasing detail.
    --key-only: Rarely used - Generate only a server private key. Review --gen-server --key-only --help for more...
  • Page 25: Generating Web Server Ssl Key Sets

    Generating Web Server SSL Key Sets if needed and re-use it for all subsequent RHN server deployments. The build process automatically creates the key pair and public RPM for distribution to clients. All CA components end up in the build directory specified at the command line, typically for older Satellites and Proxies).
  • Page 26: Deploying The Ca Ssl Public Certificate To Clients

    Replace the example values with those appropriate for your organization. This will result in the following relevant files in a machine-specific subdirectory of the build directory:
    • server.key — the Web server's SSL private server key
    •...
  • Page 27: Configuring Client Systems

    rpm -Uvh \
    http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm

    Confirm the actual name of the certificate or RPM before running these commands. 4. Configuring Client Systems Once the RPM or raw certificate has been deployed to a client system, the administrator of that system must then alter the configuration files of the Red Hat Update Agent and the Red Hat Network Registration Client (if necessary) to use the new CA SSL public certificate file and connect to the appropriate RHN Proxy Server or RHN Satellite Server.
  • Page 29: Importing Custom Gpg Keys

    Chapter 4. Importing Custom GPG Keys For customers who plan to build and distribute their own RPMs securely, it is strongly recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating GPG keys and building GPG-signed packages are covered in the Red Hat Network Channel Management Guide.
  • Page 31: Using Rhn Bootstrap

    Chapter 5. Using RHN Bootstrap Red Hat Network provides a tool that automates much of the manual reconfiguration described in previous chapters: RHN Bootstrap. This tool plays an integral role in the RHN Satellite Server Installation Program, enabling generation of the bootstrap script during installation. RHN Proxy Server customers and customers with updated Satellite settings require a bootstrap tool that can be used independently.
  • Page 32: Generation

    Chapter 5. Using RHN Bootstrap • Generate activation keys to be called by the script(s). Activation keys can be used to register Red Hat Enterprise Linux systems, entitle them to an RHN service level, and subscribe them to specific channels and system groups, all in one action. Note that you must have Management entitlements available to use an activation key, while inclusion of multiple activation keys at once requires Provisioning entitlements.
  • Page 33: Script Use

    client systems touched by the script. This feature is useful in reconfiguring multiple systems simultaneously.
    • Include the --allow-remote-commands flag to enable remote script use on all client systems. Like configuration management, this feature aids in reconfiguring multiple systems.

    When you're done, your command will look something like this:

    rhn-bootstrap --activation-keys KEY1,KEY2 \
    --gpg-key /var/www/html/pub/MY_CORPORATE_PUBLIC_KEY \
    --allow-config-actions \...
  • Page 34 Chapter 5. Using RHN Bootstrap Although descriptions of these options can be found within the following table, ensure that they are available in the version of the tool installed on your RHN Server by issuing the rhn-bootstrap --help command or reviewing its man page. Option Description...
  • Page 35 RHN Bootstrap Options

    Option: Description
    --allow-remote-commands: Boolean; including this option sets the system to allow arbitrary remote commands via RHN. This requires installing certain rhncfg-* packages, possibly through an activation key.
    --no-ssl: Not recommended - Boolean; including this option turns SSL off on the client system.
  • Page 37: Manually Scripting The Configuration

    \
    http://proxy-or-sat.example.com/pub/up2date-3.0.7-1.i386.rpm \
    http://proxy-or-sat.example.com/pub/up2date-gnome-3.0.7-1.i386.rpm

    # Second, reconfigure the clients to talk to the correct server.
    perl -p -i -e 's/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
    /etc/sysconfig/rhn/rhn_register \
    /etc/sysconfig/rhn/up2date

    # Third, install the SSL client certificate for your company's
    # RHN Satellite Server or RHN Proxy Server.
    rpm -Uvh http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-*.noarch.rpm...
  • Page 38 Chapter 6. Manually Scripting the Configuration Red Hat Network client in preparation for registration to an RHN Proxy Server or RHN Satellite Server. Remember, key values, such as the URL of your RHN Server, its public directory, and your actual GPG key must be inserted into the placeholders listed within the script. Also, depending on your environment, additional modifications may be required.
  • Page 39: Implementing Kickstart

    # explanation of these options, consult the Red Hat Linux Customization
    # Guide.
    lang en_US
    langsupport --default en_US en_US
    keyboard defkeymap
    network --bootproto dhcp
    install
    url --url ftp://ftp.widgetco.com/pub/redhat/linux/7.2/en/os/i386
    zerombr yes
    clearpart --all
    part /boot --size 128 --fstype ext3 --ondisk hda
    part / --size 2048 --grow --fstype ext3 --ondisk hda...
  • Page 40 Chapter 7. Implementing Kickstart

    %packages
    @ Base
    @ Utilities
    @ GNOME
    @ Laptop Support
    @ Dialup Support
    @ Software Development
    @ Graphics and Image Manipulation
    @ Games and Entertainment
    @ Sound and Multimedia Support

    # Now for the interesting part.
    %post
    ( # Note that we run the entire %post section as a subshell for logging.
  • Page 41: Sample Bootstrap Script

    Appendix A. Sample Bootstrap Script The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Server installation program provides the ability to reconfigure client systems to access your RHN Server easily. It is available to both RHN Satellite Server and RHN Proxy Server customers through the RHN Bootstrap tool.
  • Page 42 Appendix A. Sample Bootstrap Script

    name."
    echo " - ensure the value of HOSTNAME is correct."
    echo " - ensure the value of ORG_CA_CERT is correct."
    echo
    echo "Enable this script: comment (with #'s) this block (or, at least just"
    echo "the exit below)"
    echo
    exit 1

    # can be edited, but probably correct (unless created during initial install):
    # NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
  • Page 43

    clients, an activation key or keys"
    echo " must be created in the RHN web user interface, and the"
    echo " corresponding key or keys string (XKEY,YKEY,...) must be mapped to"
    echo " the ACTIVATION_KEYS variable of this script."
    exit 1
    fi
    if [ $REGISTER_THIS_BOX -eq 1 ] ; then
    echo "* registering"...
  • Page 45: Index

    Index

    RHN Satellite Server, 9

    Symbols
    --configure
      use of, 6

    activation keys
      registering with, 5

    RHN Bootstrap
      command line options, 27
      generating the script, 26
      preparing, 25
      using, 25
      using the script, 27

    RHN SSL Maintenance Tool
      generating the CA, 18
      generating the server certificate, 19
      generation explained, 13
    ...
