1. Manuals
  2. Brands
  3. Red Hat Manuals
  4. Software
  5. NETWORK SATELLITE 5.2 - CHANNEL MANAGEMENT
  6. Installation manual

Red Hat NETWORK SATELLITE 5.2 Installation Manual

Hide thumbs Also See for NETWORK SATELLITE 5.2:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, Configuration Manual
Red Hat Network
Satellite 5.2
Installation Guide
Red Hat Network Satellite

Advertisement

Table of Contents
loading

Related Manuals for Red Hat NETWORK SATELLITE 5.2

Summary of Contents for Red Hat NETWORK SATELLITE 5.2

  • Page 1 Red Hat Network Satellite 5.2 Installation Guide Red Hat Network Satellite...
  • Page 2 Installation Guide Red Hat Network Satellite 5.2 Installation Guide Red Hat Network Satellite Edition 5.2...

  • Page 3: Table Of Contents

    1. Introduction 1.1. Red Hat Network ......................1 1.2. RHN Satellite Server ....................1 1.3. Terms to Understand ....................2 1.4. How it Works ....................... 3 1.5. Summary of Steps ....................... 5 1.6. Upgrades ........................6 1.6.1. Satellite Certificate ..................... 6 1.6.2.
  • Page 4 Installation Guide 7.4. Connection Errors ...................... 49 7.5. Updated Software Components ................... 50 7.6. Satellite Debugging by Red Hat .................. 51 8. Maintenance 8.1. Managing the Satellite Service ..................53 8.2. Updating the Satellite ....................53 8.3. Backing Up the Satellite ..................... 54 8.4.

  • Page 5: Introduction

    Chapter 1. Introduction RHN Satellite Server provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows Red Hat Network customers the greatest flexibility and power in keeping servers secure and updated. Two types of RHN Satellite Server are available: One with a stand-alone database on a separate machine and one with an embedded database installed on the same machine as the Satellite.

  • Page 6: Terms To Understand

    Chapter 1. Introduction Advantages of using RHN Satellite Server include: • Security — an end-to-end secure connection is maintained from the client systems to the RHN Satellite Server without connecting to the public Internet. • Efficiency — packages are delivered significantly faster over a local area network. •...

  • Page 7: How It Works

    How it Works critical error occurs and are mailed to the individual(s) designated in the RHN Satellite Server's configuration file. For more detailed explanations of these terms and others, refer to the Red Hat Network Reference Guide. 1.4. How it Works RHN Satellite Server consists of the following components: •...
  • Page 8 Chapter 1. Introduction When a client requests updates, the organization's internal RHN Satellite Server queries its database, authenticates the client system, identifies the updated packages available for the client system, and sends the requested RPMs back to the client system. Depending upon the client's preferences, the package may also be installed.

  • Page 9: Summary Of Steps

    3. Your Red Hat contact creates a Satellite-entitled account on the RHN website and sends you the login information. 4. Log into the RHN website (rhn.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux AS 4 or Red Hat Enterprise Linux 5 and RHN Satellite Server 5.2.0. These can be found within the Downloads tab of the respective Channel Details pages.

  • Page 10: Upgrades

    • Satellite Upgrade Documentation Package (rhn-upgrade) • New Installation ISO 1.6.1. Satellite Certificate To obtain a Satellite certificate, visit Red Hat support at http://support.redhat.com. 1.6.2. Satellite Upgrade Documentation Package (rhn-upgrade) There are two ways to obtain this RPM: 1. Ensure the satellite is registered to RHN and to the Red Hat Network Satellite Channel, then using...

  • Page 11: Requirements

    /etc/selinux/config file to read SELINUX=permissive and reboot the system. More in-depth coverage of SELinux is available at http://www.redhat.com/docs/. You may also refer to the Red Hat Knowledgebase article on SELinux and RHN Satellite Server at http://kbase.redhat.com/faq/.
  • Page 12 Chapter 2. Requirements Stand-Alone Database Embedded Database Required - Pentium IV processor, 2.4GHz, 512K Required - Pentium IV processor, 2.4GHz, 512K cache or equivalent cache or equivalent Recommended - Pentium IV processor, 2.4GHz Recommended - Pentium IV processor, 2.4GHz dual processor, 512K cache or equivalent dual processor, 512K cache or equivalent Required - 2 GB of memory Required - 2 GB of memory...

  • Page 13: Database Requirements

    Database Requirements 2.3. Database Requirements This section applies only to RHN Satellite Server with Stand-Alone Database as the requirements for the Embedded Database are included in the Satellite machine's hardware requirements. Red Hat supports RHN Satellite Server 5.2.0 installations in conjunction with Oracle Database 10g Release 2, Standard or Enterprise Edition.

  • Page 14: Additional Requirements

    TCP ports must be opened on the Satellite, depending on your implementation of RHN Satellite Server: Port Direction Reason Outbound Satellite uses this port to reach rhn.redhat.com xmlrpc.rhn.redhat.com satellite.rhn.redhat.com (unless running in a disconnected mode for Satellite) Inbound WebUI and client requests come in via...
  • Page 15 Additional Requirements Port Direction Reason satellite.rhn.redhat.com (unless running in a disconnected mode for Satellite) 4545 Outbound RHN Satellite Server Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems. 5222...
  • Page 16 It is imperative that customers keep track of all primary login information. For RHN Satellite Server, this includes usernames and passwords for the Organization Administrator account on rhn.redhat.com, the primary administrator account on the Satellite itself, SSL certificate generation, and database connection (which also requires a SID, or net service name). Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
  • Page 17 Additional Requirements • If the Satellite serves Monitoring-entitled systems and you wish to acknowledge via email the alert notifications you receive, you must configure sendmail to properly handle incoming mail as Section 4.4, “Sendmail Configuration”. described in Finally, you should have the following technical documents in hand for use in roughly this order: 1.

  • Page 19: Example Topologies

    Chapter 3. Example Topologies The RHN Satellite Server can be configured in multiple ways. Select one method depending on the following factors: • The total number of client systems to be served by the RHN Satellite Server. • The maximum number of clients expected to connect concurrently to the RHN Satellite Server. •...

  • Page 20: Satellite-Proxy Vertically Tiered Topology

    Chapter 3. Example Topologies It is possible to synchronize content between RHN Satellites using the rhn-satellite-exporter Section 6.1.1, “rhn- and satellite-sync -m commands. This feature is discussed in detail in satellite-exporter”. Additional maintenance is the biggest disadvantage of this horizontal structure. Figure 3.2.
  • Page 21 Satellite-Proxy Vertically Tiered Topology Figure 3.3. Satellite-Proxy Vertically Tiered Topology...

  • Page 23: Installation

    Chapter 4. Installation This chapter describes the initial installation of the RHN Satellite Server. It presumes the prerequisites Chapter 2, Requirements listed in have been met. If you are instead upgrading to a newer version of RHN Satellite Server, contact your Red Hat representative for assistance. 4.1.
  • Page 24 Chapter 4. Installation 4. Ensure that the RHN Entitlement Certificate has been copied onto the Satellite's file system. It can be named anything and located in any directory. The installation program will ask you for its location. Also, make sure your account has been granted the necessary entitlements to conduct the installation.
  • Page 25 RHN Satellite Server Installation Program 10. T he next step creates and populates the initial database, if you have opted for the RHN Satellite Server with Embedded Database. If you are installing RHN Satellite Server with Stand-Alone Database, the installer connects with the database. This step can take quite a while. If you would like to monitor the progress of the installation, use tail in a separate window to monitor the /var/ log/rhn/install_db.log file.
  • Page 26 Chapter 4. Installation Visit https://your-satellite.example.com to create the satellite administrator account. 15. F ollow the on-screen instructions and visit the FQDN of your Satellite via a web browser. Create the satellite administrator account - also referred to as the Organization Administrator - and click the Create Login button to move to the next screen, the Your RHN screen.
  • Page 27 RHN Satellite Server Installation Program Figure 4.2. Final Configuration Prompt 17. T he Satellite Configuration - General Configuration page allows you to alter the most basic Satellite settings, such as the admin email address and whether Monitoring is enabled.
  • Page 28 Chapter 4. Installation Figure 4.3. General Configuration 18. T he RHN Satellite Configuration - Monitoring page allows you to configure the monitoring aspects of this Satellite. The local mail exchanger and local main domain are used to mail monitoring notification messages to administration. This is required only if you intend to receive alert notifications from probes.
  • Page 29 RHN Satellite Server Installation Program Figure 4.4. Monitoring 19. T he RHN Satellite Configuration - Certificate page allows you to upload a new Satellite certificate. To identify the certificate's path, click Browse, navigate to the file, and select it. To input its contents, open your certificate in a text editor, copy all lines, and paste them directly into the large text field at the bottom.
  • Page 30 Chapter 4. Installation Figure 4.5. Certificate 20. T he RHN Satellite Configuration - Bootstrap page allows you to generate a bootstrap script for redirecting client systems from the central RHN Servers to the Satellite. This script, to be placed in the /var/www/html/pub/bootstrap/ directory of the Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central RHN Servers.
  • Page 31 RHN Satellite Server Installation Program Figure 4.6. Bootstrap 21. T he RHN Satellite Configuration - Restart page contains the final step in configuring the Satellite. Click the Restart button to restart the Satellite in order to incorporate all of the configuration options added on the previous screens.

  • Page 32: Options To The Satellite Installation Program

    Chapter 4. Installation Figure 4.7. Restart 22. O nce the Satellite has restarted, the countdown notice disappears. You are now free to begin using your Satellite. Figure 4.8. Restart Complete 4.2.1. Options to the Satellite Installation Program The various options available for the Satellite Installation Program are included below for easy reference.

  • Page 33: Automated Rhn Satellite Server Installation

    Automated RHN Satellite Server Installation Option Usage For use only with --answer-file. If the --answer- --non-interactive file does not provide a required response, exit instead of prompting the user. Register the system with RHN, even if it is already registered. --re-register Install the satellite in disconnected mode.

  • Page 34: Sendmail Configuration

    Chapter 4. Installation 4. Once the answer file is ready, use the --answer-file option when starting the installation process from the command line: ./install.pl --answer-file=/tmp/answers.txt The RHN Satellite Server Installation Program then looks for answers in the file. For any option no filled out in the file, the Installer Program prompts the user for the missing information.

  • Page 35: Mysql Installation

    MySQL Installation Restart sendmail: service sendmail restart 4.5. MySQL Installation This sections is applicable only if your RHN Satellite Server will serve Monitoring-entitled systems and you wish to run MySQL probes against them. Refer to the Probes appendix of the RHN Satellite Reference Guide for a list of available probes.

  • Page 37: Entitlements

    Chapter 5. Entitlements The RHN Satellite Server, like RHN itself, provides all services to customers through the setting of entitlements. For RHN, entitlements are purchased by customers as needed; however, for RHN Satellite Server, entitlements are contractually agreed-upon beforehand, and they are set at installation time.

  • Page 38: Uploading The Rhn Entitlement Certificate

    5.2. Uploading the RHN Entitlement Certificate If your RHN Satellite Server is connected to the Internet, you have the option of uploading your new RHN Entitlement Certificate through the RHN website. To do this: https://rhn.redhat.com 1. Log into with your organization's Satellite-entitled account.

  • Page 39: Activating The Satellite

    Activating the Satellite Option Description Display the help screen with a list of options. -h, --help Confirm certificate sanity. Does not activate the --sanity-only Satellite locally or remotely. Activates locally but not on remote RHN Servers. --disconnected Uploads new certificate and activates the Satellite --rhn-cert=/PATH/TO/CERT based upon the other options passed (if any).
  • Page 40 Chapter 5. Entitlements A standard grace period of seven (7) days exists between the date of Satellite certificate expiration and when the Satellite becomes inactive. This grace period is provided in order for customers to contact Red Hat Support and obtain a new certificate. During the grace period, the following things happen: •...

  • Page 41: Importing And Synchronizing

    Chapter 6. Importing and Synchronizing After installing the RHN Satellite Server, you must provide it with the packages and channels to be served to client systems. This chapter explains how to import that data and keep it up to date whether the content is from RHN's central servers, local media, or from one Satellite within your organization to another.

  • Page 42: Exporting

    Chapter 6. Importing and Synchronizing The RHN Satellite Exporter offers several command line options. To use them, insert the option and appropriate value after the rhn-satellite-exporter command. Option Description Place the exported information into this directory. -d, --dir= Process data for this specific channel (specified -cCHANNEL_LABEL, -- by label) only.

  • Page 43: Importing With Rhn Satellite Synchronization Tool

    Importing with RHN Satellite Synchronization Tool • The RHN Satellite Server installation must have been performed successfully. • There must be sufficient disk space in the directory specified in the --dir option to contain the exported contents. Although it is not a requirement for the export to succeed, the export will be most useful when performed on a Satellite that has populated channels.
  • Page 44 Chapter 6. Importing and Synchronizing first identify the associated channel(s). For this reason, the RHN Satellite Synchronization Tool performs its actions in the following order: 1. channel-families — Import/synchronize channel family (architecture) data. 2. channels — Import/synchronize channel data. 3. rpms — Import/synchronize RPMs. 4.

  • Page 45: Preparing For Import From Local Media

    Preparing for Import from Local Media Option Description Forcibly process all package data without --force-all-packages conducting a diff. Override the amount of messaging sent --debug-level=LEVEL_NUMBER to log files and generated on the screen set in /etc/rhn/rhn.conf, 0-6 (2 is default). Email a report of what was imported/ --email synchronized to the designated recipient...
  • Page 46 Chapter 6. Importing and Synchronizing Although it is possible to conduct the import directly from the RHN website, this should be done only if Channel Content ISOs are not available. It takes a long time to populate a channel from scratch over the Internet.

  • Page 47: Running The Import

    Running the Import 6.2.2.2. Preparing RHN Satellite Exporter Data In order to perform the import from data previously exported using RHN Satellite Exporter, you must first copy that data onto the local system. Steps such as the following will enable you to procede to Section 6.2.3, “Running the Import”.

  • Page 48: Synchronizing

    Chapter 6. Importing and Synchronizing -c channel-label-2 \ --mount-point /var/rhn-sat-import This conducts the following tasks in this order: Populating the tables describing common features for channels (channel families). This can also be accomplished individually by passing the --step=channel-families option to satellite- sync.

  • Page 49: Synchronizing Errata And Packages Directly Via Rhn

    Synchronizing Errata and Packages Directly via RHN Note All analysis is performed on the RHN Satellite Server; the central RHN Servers deliver only an export of its channel information and remain ignorant of any details regarding the RHN Satellite Server. 3.

  • Page 51: Troubleshooting

    This chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Satellite Server. If you need additional help, contact Red Hat Network support at https://rhn.redhat.com/help/contact.pxt. Log in using your Satellite-entitled account to see your full list of options.
  • Page 52 If the administrator is not getting email from the RHN Satellite Server, confirm the correct email addresses have been set for traceback_mail in /etc/rhn/rhn.conf. If the traceback mail is marked from dev-null@rhn.redhat.com and you would like the address to be valid for your organization, include the web.default_mail_from option and appropriate value in / etc/rhn/rhn.conf.

  • Page 53: Host Not Found/Could Not Determine Fqdn

    Host Not Found/Could Not Determine FQDN Next, restart the importation or synchronization. If up2date or the push capability of the RHN Satellite Server ceases to function, it is possible that old log files may be at fault. Stop the jabberd daemon before removing these files. To do so, issue the following commands as root: service jabberd stop cd /var/lib/jabberd...

  • Page 54: Updated Software Components

    Chapter 7. Troubleshooting To troubleshoot this, check the date and time on the clients and the Satellite with the following command: date The results should be nearly identical for all machines and within the "notBefore" and "notAfter" validity windows of the certificates. Check the client certificate dates and times with the following command: openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT Check the Satellite server certificate dates and times with the following command: openssl x509 -dates -noout -in /etc/httpd/conf/ssl.crt/server.crt...

  • Page 55: Satellite Debugging By Red Hat

    Satellite Debugging by Red Hat • Red Hat Developer Suite • Red Hat Application Server • Red Hat Extras Subscribing to these channels and updating your Satellite (such as by running up2date), may install newer, incompatible versions of critical software components, causing the Satellite to fail. 7.6.

  • Page 57: Maintenance

    For RHN Satellite Server systems that may not be connected to the Internet, the packages themselves may be retrieved using a customer account at https://rhn.redhat.com. Then, they can be applied manually by the customer according to instructions in the Errata Advisory.

  • Page 58: Backing Up The Satellite

    • /root/ssl-build/ If possible, back up /var/satellite/, as well. In case of failure, this will save lengthy download time. Since /var/satellite/ (specifically /var/satellite/redhat/NULL/) is primarily a duplicate of Red Hat's RPM repository, it can be regenerated with satellite-sync. Red Hat recommends the entire /var/satellite/ tree be backed up.

  • Page 59: Using Rhn Db Control

    Using RHN DB Control 8.4. Using RHN DB Control RHN Satellite Server with Embedded Database requires a utility for managing that database. Red Hat provides just such a tool: RHN DB Control. This command line utility allows you to do everything from make, verify, and restore backups to obtain database status and restart it when necessary.

  • Page 60: Backing Up The Database

    Chapter 8. Maintenance Option Description Verifies the contents of the backup kept in DIRNAME. verify DIRNAME This command checks the md5sums of each of the files kept in the backup. Table 8.1. RHN DB Control Options Note Database statistics are collections of data that describe more details about the database and the objects in the database.

  • Page 61: Verifying The Backup

    Verifying the Backup service rhn-satellite start You should then copy that backup to another system using rsync or another file-transfer utility. Red Hat strongly recommends scheduling the backup process automatically using cron jobs. For instance, back up the system at 3 a.m. and then copy the backup to the separate repository (partition, disk, or system) at 6 a.m.

  • Page 62: Establishing Redundant Satellites With Stand-Alone Db

    Chapter 8. Maintenance Section 8.4.2, 2. Back up the primary Satellite's database daily using the commands described in “Backing up the Database”. If this is done, only changes made the day of the failure will be lost. 3. Establish a mechanism to copy the backup to the secondary Satellite and keep these repositories synchronized using a file transfer program such as rsync.

  • Page 63: Conducting Satellite-Specific Tasks

    Conducting Satellite-Specific Tasks redistribute the client-side certificate. If you also created another bootstrap script, you may use this to install the certificate on client systems. 5. If you did not create a new bootstrap script, copy the contents of /var/www/html/pub/ bootstrap/ from the primary Satellite to the secondary.

  • Page 64: Deleting Users

    Chapter 8. Maintenance Figure 8.1. Internal Tools To refresh the view of channels that have been updated but do not yet reflect those modifications on the Satellite website, click the Update Errata cache now link on this page. 8.7.1.1. Maintaining the RHN Task Engine The default display shows the status of the RHN Task Engine.
  • Page 65 Deleting Users bar of the RHN website. In the resulting User List, click the name of the user to be removed. This takes you to the User Details page. Click the delete user link at the top-right corner of the page. Figure 8.2.

  • Page 66: Automating Synchronization

    Chapter 8. Maintenance Figure 8.3. User Delete Confirmation Many other options exist for managing users. You can find instructions for them in the RHN website chapter of the RHN Reference Guide. 8.8. Automating Synchronization Manually synchronizing the RHN Satellite Server repository with Red Hat Network can be a time- intensive task.

  • Page 67: Implementing Pam Authentication

    Implementing PAM Authentication This particular job will run randomly between 1:00 a.m. and 3:30 a.m. system time each night and redirect stdout and stderr from cron to prevent duplicating the more easily read message from Table 6.2, “Satellite satellite-sync. Options other than --email can also be included. Refer to Import/Sync Options”...
  • Page 68 Chapter 8. Maintenance the typical delay between scheduling an action and the client system checking in with RHN to retrieve Important SSL must be employed between the Satellite and its clients systems for this feature to work. If the SSL certificates are not available, the daemon on the client system fails to connect.

  • Page 69: Sample Rhn Satellite Server Configuration File

    #/etc/rhn/rhn.conf example for an RHN Satellite #---------------------------------------------- # Destination of all tracebacks, such as crash information, etc. traceback_mail = test@pobox.com, test@redhat.com # Location of RPMs (Red Hat and custom) served by the RHN Satellite mount_point = /var/satellite # Corporate gateway (hostname:PORT): server.satellite.http_proxy = corporate_gateway.example.com:8080...
  • Page 70 Appendix A. Sample RHN Satellite Server Configuration File RHN::Task::DailySummary, RHN::Task::SummaryPopulation, RHN::Task::RHNProc, RHN::Task::PackageCleanup web.rhn_gpg_backend_module = RHN::GPG::OpenPGP web.restrict_mail_domains =...

  • Page 71: Revision History

    Appendix B. Revision History Revision History Revision 1.0...

  • Page 73: Index

    Index /rhnsat/, 19 enabling push to clients, 63 entitlement certificate, 11, 19 uploading, 34 Symbols /etc/nsswitch.conf, 49 /etc/rhn/rhn.conf, 48 firewall rules requirements, 10 advantages, 2 Apache, 53 general problems, 47 Apache HTTP, 3 GPG keys, 19 automating Satellite synchronization, 62 host not found error backing up the RHN Satellite Server, 54 could not determine FQDN, 49...
  • Page 74 Index options, 40 RHN Task Engine, 60 operating system rhn-satellite supported, 7 service, 53 Oracle 10g, 3 rhn-satellite-activate, 34 Organization Administrator activating, 35 definition, 2 options, 34 osa-dispatcher, 64 rhn-satellite-exporter, 37 osad, 64 export, 39 options, 38 rhn.conf PAM authentication sample file, 65 implementation, 63 rhns-satellite-tools, 34, 43...

Table of Contents