Generation - Red Hat NETWORK SATELLITE 5.3.0 - CLIENT Configuration Manual

Chapter 5. Using RHN Bootstrap
• Red Hat recommends your RPMs be signed by a custom GNU Privacy Guard (GPG) key. Make
the key available so you may refer to it from the script. Generate the key as described in the RHN
Channel Management Guide and place the key in the /var/www/html/pub/ directory of the RHN
Chapter 4, Importing Custom GPG
Server, per
• If you wish to use the script to deploy your CA SSL public certificate, have the certificate or the
package (RPM) containing that certificate available on that RHN Server and include it during script
generation with the --ssl-cert option. Refer to
• Have the values ready to develop one or many bootstrap scripts, depending on the variety of
systems to be reconfigured. Since RHN Bootstrap provides a full set of reconfiguration options,
you may use it to generate different bootstrap scripts to accommodate each type of system. For
instance, bootstrap-web-servers.sh might be used to reconfigure your Web servers, while
bootstrap-app-servers.sh can handle the application servers. Consult
Bootstrap Options"

5.2. Generation

Now that all of the necessary components are in place, you may use RHN Bootstrap to generate
the required scripts. Log into your RHN Satellite Server or RHN Proxy Server as root and issue the
rhn-bootstrap command followed by the desired options and values. If no options are included,
a bootstrap.sh file is created in the bootstrap/ subdirectory that contains the essential values
derived from the server, including hostname, the SSL certificate, it if exists, SSL and GPG settings,
and a call for the client-config-overrides.txt file.
At a minimum, Red Hat strongly recommends your scripts also accommodate activation keys, GPG
keys, and advanced configuration options in the following manner:
• Use the --activation-keys option to include keys, taking into account the entitlement
requirements identified in
• Use the --gpg-key option to identify the key path and filename during script generation.
Otherwise, use the --no-gpg option to turn off this verification on client systems. Red Hat
recommends retaining this security measure.
• Include the --allow-config-actions flag to enable remote configuration management on
all client systems touched by the script. This feature is useful in reconfiguring multiple systems
simultaneously.
• Include the --allow-remote-commands flag to enable remote script use on all client systems.
Like configuration management, this feature aids in reconfiguring multiple systems.
When you're done, your command will look something like this:
rhn-bootstrap --activation-keys KEY1,KEY2 \
--gpg-key /var/www/html/pub/MY_CORPORATE_PUBLIC_KEY \
--allow-config-actions \
--allow-remote-commands
Obviously, include the actual key names. Refer to
complete list of options.
22
for the complete list.
Section 5.1, "Preparation".
Keys.
Chapter 3, SSL Infrastructure
Section 5.4, "RHN Bootstrap Options"
for details.
Section 5.4, "RHN
for the