Red Hat NETWORK SATELLITE 5.2 - CLIENT Configuration Manual

Client configuration
Red Hat Network
Satellite 5.2
Client Configuration Guide
Red Hat Network Satellite

Summary of Contents for Red Hat NETWORK SATELLITE 5.2 - CLIENT

  • Page 1 Red Hat Network Satellite 5.2 Client Configuration Guide Red Hat Network Satellite...
  • Page 2 Client Configuration Guide Red Hat Network Satellite 5.2 Client Configuration Guide Red Hat Network Satellite Edition 5.2...
  • Page 3: Table Of Contents

    1. Introduction
    2. Client Applications
    2.1. Deploying the Latest Red Hat Network Client RPMs, page 3
    2.2. Configuring the Client Applications, page 4
    2.2.1. Registering with Activation Keys, page 4
    2.2.2. Using the --configure Option, page 5
    2.2.3. Updating the Configuration Files Manually, page 7
    2.2.4.
  • Page 5: Introduction

    Chapter 1. Introduction This best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Server configure their client systems more easily. By default, all Red Hat Network client applications are configured to communicate with central Red Hat Network Servers.
  • Page 7: Client Applications

    Chapter 2. Client Applications In order to utilize most enterprise-class features of Red Hat Network, such as registering with a RHN Satellite, configuration of the latest client applications is required. Obtaining these applications before the client has registered with Red Hat Network can be difficult. This paradox is especially problematic for customers migrating large numbers of older systems to Red Hat Network.
  • Page 8: Configuring The Client Applications

    Chapter 2. Client Applications your_proxy_or_sat.your_domain.com/pub/up2date-gnome-2.9.14-1.2.1AS.i386.rpm Note the inclusion of the associated gnome RPMs. Keep in mind, the architecture (in this case, i386) may need to be altered depending on the systems to be served. 2.2. Configuring the Client Applications Not every customer must connect securely to a RHN Satellite Server or RHN Proxy Server within their organization.
  • Page 9: Using The --Configure Option

    Using the --configure Option
    3. Download and install the SSL Certificate RPM from the /pub/ directory of the RHN Proxy Server or RHN Satellite Server. The command for this step could look something like this:
    rpm -Uvh http://your-satellite.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
    4. Register the system with your RHN Proxy Server or RHN Satellite Server. The command for this step could look something like:
    rhnreg_ks --activationkey mykey --serverUrl https://your-satellite.com/XMLRPC...
  • Page 10 Chapter 2. Client Applications You are presented with a dialog box offering various settings that may be reconfigured. In the General tab, under Select a Red Hat Network Server to use replace the default value with the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as https://your_proxy_or_sat.your_domain.com/XMLRPC.
  • Page 11: Updating The Configuration Files Manually

    Updating the Configuration Files Manually /usr/bin/rhn_register --configure You are presented with a dialog box offering basic settings that may be reconfigured. Under Select a Red Hat Network server to use replace the default value with the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as https://your_proxy_or_sat.your_domain.com/XMLRPC.
  • Page 12: Implementing Server Failover

    Chapter 2. Client Applications sysconfig/rhn/up2date configuration file (as root). Replace the default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN Proxy Server or RHN Satellite Server. For example:
    serverURL[comment]=Remote server URL
    serverURL=https://your_primary.your_domain.com/XMLRPC
    noSSLServerURL[comment]=Remote server URL without SSL
    noSSLServerURL=http://your_primary.your_domain.com/XMLRPC
    Warning...
  • Page 13: Configuring The Red Hat Network Alert Notification Tool With Satellite

    Configuring the Red Hat Network Alert Notification Tool with Satellite
    your_secondary.your_domain.com/XMLRPC;
    noSSLServerURL[comment]=Remote server URL without SSL
    noSSLServerURL=http://your_primary.your_domain.com/XMLRPC; \
    https://your_secondary.your_domain.com/XMLRPC;
    Connection to the servers is attempted in the order provided here. You can include as many servers as you wish. You may list the central RHN Servers, as well. This makes sense, however, only if the client systems can reach the Internet.
  • Page 15: Ssl Infrastructure

    Chapter 3. SSL Infrastructure For Red Hat Network customers, security concerns are of the utmost importance. One of the strengths of Red Hat Network is its ability to process every single request over Secure Sockets Layer, or SSL. To maintain this level of security, customers installing Red Hat Network within their infrastructures must generate custom SSL keys and certificates.
  • Page 16: The Rhn Ssl Maintenance Tool

    Chapter 3. SSL Infrastructure servers. Each server has its own SSL key set that is specifically tied to that server's hostname and generated using its own SSL private key and the CA SSL private key in combination. This establishes a digitally verifiable association between the Web server's SSL public certificate and the CA SSL key pair and server's private key.
  • Page 17: Ssl Generation Explained

    SSL Generation Explained
    • During installation of an RHN Satellite Server - all SSL settings are configured during the installation process. The SSL keys and certificate are built and deployed automatically.
    • During installation of an RHN Proxy Server version 3.6 or later if connected to an RHN Satellite Server version 3.6 or later as its top-level service - the RHN Satellite Server contains all of the SSL information needed to configure, build and deploy the RHN Proxy Server's SSL keys and certificates.
  • Page 18: Rhn Ssl Maintenance Tool Options

    Chapter 3. SSL Infrastructure 8. When additional Web server SSL key sets are needed, restore the build tree on a system running the RHN SSL Maintenance Tool and repeat steps 3 through 7. 3.2.2. RHN SSL Maintenance Tool Options The RHN SSL Maintenance Tool offers a plethora of command line options for generating your Certificate Authority SSL key pair and managing your server SSL certificates and keys.
  • Page 19 RHN SSL Maintenance Tool Options

    Option: Description
    --set-org-unit=SET_ORG_UNIT: The organizational unit, such as RHN. The default is ''.
    --set-common-name=HOSTNAME: Not typically set for the CA. - The common name.
    --set-email=EMAIL: Not typically set for the CA. - The email address.
    --rpm-packager=PACKAGER: Packager of the generated RPM, such as "RHN Admin (rhn-admin@example.com)."...
  • Page 20 Chapter 3. SSL Infrastructure

    Option: Description
    --server-key=FILENAME: The Web server's SSL private key filename. The default is server.key.
    --server-cert-req=FILENAME: The Web server's SSL certificate request filename. The default is server.csr.
    --server-cert=FILENAME: The Web server's SSL certificate filename. The default is server.crt.
    --startdate=YYMMDDHHMMSSZ: The start date for server certificate validity in the example format: year, month, date,...
  • Page 21: Generating The Certificate Authority Ssl Key Pair

    Generating the Certificate Authority SSL Key Pair

    Option: Description
    --rpm-only: Rarely used - Generate only an RPM for deployment. Review --gen-server --rpm-only --help for more information.
    --no-rpm: Rarely used - Conduct all server-related steps except RPM generation.
    --server-rpm=SERVER_RPM: Rarely changed - RPM name that houses the Web server's SSL key set (the base filename, not filename-version-...
  • Page 22: Generating Web Server Ssl Key Sets

    Chapter 3. SSL Infrastructure 3.2.4. Generating Web Server SSL Key Sets Although you must have a CA SSL key pair already generated, you will likely generate web server SSL key sets more frequently, especially if more than one Proxy or Satellite is deployed. Note that the value for --set-hostname is different for each server.
  • Page 23: Configuring Client Systems

    Configuring Client Systems The CA SSL public certificate in that directory can be downloaded to a client system using wget or curl. For example:
    curl -O http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT
    wget http://proxy-or-sat.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT
    Alternatively, if the CA SSL public certificate RPM resides in the /pub directory, it can be installed on a client system directly:
    rpm -Uvh http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-VER-REL.noarch.rpm...
  • Page 25: Importing Custom Gpg Keys

    Chapter 4. Importing Custom GPG Keys For customers who plan to build and distribute their own RPMs securely, it is strongly recommended that all custom RPMs are signed using GNU Privacy Guard (GPG). Generating GPG keys and building GPG-signed packages are covered in the Red Hat Network Channel Management Guide. Once the packages are signed, the public key must be deployed on all systems importing these RPMs.
  • Page 27: Using Rhn Bootstrap

    Chapter 5. Using RHN Bootstrap Red Hat Network provides a tool that automates much of the manual reconfiguration described in previous chapters: RHN Bootstrap. This tool plays an integral role in the RHN Satellite Server Installation Program, enabling generation of the bootstrap script during installation. RHN Proxy Server customers and customers with updated Satellite settings require a bootstrap tool that can be used independently.
  • Page 28: Generation

    Chapter 5. Using RHN Bootstrap • Red Hat recommends your RPMs be signed by a custom GNU Privacy Guard (GPG) key. Make the key available so you may refer to it from the script. Generate the key as described in the RHN Channel Management Guide and place the key in the /var/www/html/pub/ directory of the RHN Chapter 4, Importing Custom GPG Keys.
  • Page 29: Script Use

    Script Use 5.3. Script Use Finally, when you're finished preparing the script for use, you are ready to run it. Log into the RHN Satellite Server or RHN Proxy Server, navigate to the /var/www/html/pub/bootstrap/ directory and run the following command, altering the hostname and name of the script as needed to suit the system type: cat bootstrap-EDITED-NAME.sh | ssh root@CLIENT_MACHINE1 /bin/bash A less secure alternative is to use either wget or curl to retrieve and run the script from every client...
  • Page 30 Chapter 5. Using RHN Bootstrap

    Option: Description
    --gpg-key=GPG_KEY: The path to your organization's public GPG key, if used. It will be copied to the location specified by the --pub-tree option.
    --http-proxy=HTTP_PROXY: The HTTP proxy setting for the client systems in the form hostname:port. A value of ""...
  • Page 31: Manually Scripting The Configuration

    \
    http://proxy-or-sat.example.com/pub/up2date-3.0.7-1.i386.rpm \
    http://proxy-or-sat.example.com/pub/up2date-gnome-3.0.7-1.i386.rpm

    # Second, reconfigure the clients to talk to the correct server.
    perl -p -i -e 's/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
        /etc/sysconfig/rhn/rhn_register \
        /etc/sysconfig/rhn/up2date

    # Third, install the SSL client certificate for your company's
    # RHN Satellite Server or RHN Proxy Server.
  • Page 32 Chapter 6. Manually Scripting the Configuration This script comprises a clean and repeatable process that should fully configure any potential Red Hat Network client in preparation for registration to an RHN Proxy Server or RHN Satellite Server. Remember, key values, such as the URL of your RHN Server, its public directory, and your actual GPG key must be inserted into the placeholders listed within the script.
  • Page 33: Implementing Kickstart

    # explanation of these options, consult the Red Hat Linux Customization
    # Guide.
    lang en_US
    langsupport --default en_US en_US
    keyboard defkeymap
    network --bootproto dhcp
    install
    url --url ftp://ftp.widgetco.com/pub/redhat/linux/7.2/en/os/i386
    zerombr yes
    clearpart --all
    part /boot --size 128 --fstype ext3 --ondisk hda
    part / --size 2048 --grow --fstype ext3 --ondisk hda...
  • Page 34 Chapter 7. Implementing Kickstart

    %packages
    @ Base
    @ Utilities
    @ GNOME
    @ Laptop Support
    @ Dialup Support
    @ Software Development
    @ Graphics and Image Manipulation
    @ Games and Entertainment
    @ Sound and Multimedia Support

    # Now for the interesting part.
    %post
    ( # Note that we run the entire %post section as a subshell for logging.
  • Page 35: Sample Bootstrap Script

    Appendix A. Sample Bootstrap Script The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Server installation program provides the ability to reconfigure client systems to access your RHN Server easily. It is available to both RHN Satellite Server and RHN Proxy Server customers through the RHN Bootstrap tool.
  • Page 36 Appendix A. Sample Bootstrap Script

    # PROVISIONING/KICKSTART NOTE: If provisioning a client, ensure the proper CA SSL public certificate is configured properly in the post section of your kickstart profiles (the RHN Satellite or hosted web user interface).
    # UP2DATE/RHN_REGISTER VERSIONING NOTE: This script will not work with very old versions of up2date and rhn_register.
  • Page 37

    echo "the exit below)"
    echo
    exit 1

    # can be edited, but probably correct (unless created during initial install):
    # NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
    ACTIVATION_KEYS=insert_activation_key_here
    ORG_GPG_KEY=insert_org_gpg_pub_key_here

    # can be edited, but probably correct:
    CLIENT_OVERRIDES=client-config-overrides.txt
    HOSTNAME=your_rhn_server_host.example.com
    ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT
    ORG_CA_CERT_IS_RPM_YN=0...
  • Page 38 Appendix A. Sample Bootstrap Script

    if [ -x /usr/bin/curl ] ; then
        # Probe whether this curl build accepts -k (skip TLS certificate verification).
        output=`/usr/bin/curl -k 2>&1`
        error=`echo $output | grep "is unknown"`
        if [ -z "$error" ] ; then
            FETCH="/usr/bin/curl -SksO"
        else
            FETCH="/usr/bin/curl -SsO"
        fi
    fi
    HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub
    HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub
    if [ $USING_SSL -eq 0 ] ; then
        HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY}
    fi
    echo
    echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES"...
  • Page 39

    $FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_GPG_KEY}
    # get the major version of up2date
    res=$(rpm -q --queryformat '%{version}' up2date | sed -e 's/\..*//g')
    if [ $res -eq 2 ] ; then
        gpg $(up2date --gpg-flags) --import $ORG_GPG_KEY
    else
        rpm --import $ORG_GPG_KEY
    fi
    echo
    echo "* attempting to install corporate public CA cert"
    if [ $USING_SSL -eq 1 ] ;...
  • Page 40 Appendix A. Sample Bootstrap Script

    echo
    echo "OTHER ACTIONS"
    echo "------------------------------------------------------"
    if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
        echo "up2date up2date; up2date -p; up2date -uf (conditional)"
    else
        echo "up2date up2date; up2date -p"
    fi
    echo "but any post configuration action can be added here. "
    echo "------------------------------------------------------"...
  • Page 41: Revision History

    Appendix B. Revision History Revision History Revision 1.0...
  • Page 43: Index

    Index
    Symbols
    --configure: use of, 5
    activation keys: registering with, 4
    using, 23
    using the script, 25
    RHN SSL Maintenance Tool: generating the CA, 17; generating the server certificate, 18; generation explained, 13; options, 14; rhn-ssl-tool, 12
    rhn-ssl-tool: generating the CA, 17; generating the server certificate, 18; generation explained, 13; options, 14...
