Related Manuals for Red Hat NETWORK SATELLITE 5.3.0 - PROXY
Summary of Contents for Red Hat NETWORK SATELLITE 5.3.0 - PROXY
- Page 1 Red Hat Network Satellite 5.3.0 Proxy Installation Guide Red Hat Network Satellite...
- Page 2 Proxy Installation Guide Red Hat Network Satellite 5.3.0 Proxy Installation Guide Red Hat Network Satellite Edition 2 Copyright © 2010 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA").
-
Page 3: Table Of Contents
1. Introduction 1.1. Red Hat Network ......................1 1.2. RHN Proxy Server ....................... 1 1.3. Terms to Understand ....................2 1.4. How it Works ....................... 3 2. Requirements 2.1. Software Requirements ....................5 2.2. Hardware Requirements ....................6 2.3. Disk Space Requirements .................... 6 2.4. -
Page 5: Introduction
RHN channels, using the RHN Package Manager. For instance, an organization could develop its own software, package it in an RPM, sign it with its Throughout this document, "RHN" may refer to either RHN's Hosted site (http://rhn.redhat.com) or an RHN Satellite Server. -
Page 6: Terms To Understand
Chapter 1. Introduction own GPG signature, and have the local RHN Proxy Server update all of the individual systems in the network with the latest versions of the custom software. Advantages of using RHN Proxy Server include: • Scalability — there can be multiple local RHN Proxy Servers within one organization. •... -
Page 7: How It Works
RHN Proxy Server's configuration file. For more detailed explanations of these terms and others, refer to the Red Hat Network Reference Guide available at http://www.redhat.com/docs/manuals/satellite/ and the Help page on the Satellite Web user interface. - Page 8 Chapter 1. Introduction type of RHN client. Clients are thus not affected by the route a request takes to reach a Red Hat Network Server. All the logic is implemented in the RHN Proxy Servers and Red Hat Network Servers. Optionally, the RHN Package Manager can be installed and configured to serve custom packages.
-
Page 9: Requirements
Chapter 2. Requirements These requirements must be met before installation. The Satellite itself must be of a version greater than or equal to the version of the Proxy that you are trying to install. For example, if you want to install RHN Proxy Server 5.1, the Satellite version should be 5.1 or later, and can not be 5.0 or lower. -
Page 10: Hardware Requirements
Chapter 2. Requirements • Finally, you can use the system-config-securitylevel-tui command and reboot the system. • An available RHN Proxy Server entitlement within your RHN Satellite Server account. • An available Provisioning entitlement within your RHN Satellite Server account (which should come packaged with your RHN Proxy Server entitlement). -
Page 11: Additional Requirements
Port Direction Reason Outbound Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and your Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server). Inbound Client requests come in via either http or... - Page 12 Chapter 2. Requirements Synchronized System Times There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are reasonably close together so the that SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
-
Page 13: Example Topologies
Chapter 3. Example Topologies The RHN Proxy Server can be configured in multiple ways. Select one method depending on the following factors: 1. The total number of client systems to be served by the RHN Proxy Server 2. The maximum number of clients expected to connect concurrently to the RHN Proxy Server. 3. -
Page 14: Multiple Proxy Vertically Tiered Topology
Chapter 3. Example Topologies • A Network File System (NFS) share can be established between the Proxies and the custom channel repository. Either of these solutions will allow any client of any RHN Proxy Servers to have all custom packages delivered to them. -
Page 15: Proxies With Rhn Satellite Server
Proxies with RHN Satellite Server Figure 3.3. Multiple Proxy Vertically Tiered Topology 3.4. Proxies with RHN Satellite Server In addition to the methods described in detail within this chapter, customers also have the option of using RHN Proxy Server in conjunction with RHN Satellite Server. This works similarly to the vertically tiered Proxy configuration but increases capacity significantly, as Satellites can serve a much greater number of client systems. -
Page 17: Installation
Chapter 4. Installation This chapter describes the initial installation of the RHN Proxy Server. It presumes the prerequisites Chapter 2, Requirements have been met. However, if you are upgrading to a newer version of listed in RHN Proxy Server, contact your Red Hat representative for assistance. 4.1. - Page 18 RHN Parent [satserver.example.com]: The RHN Parent is the domain name or address of the system that serves the Proxy, which could be the RHN Hosted servers (xmlrpc.rhn.redhat.com), or an RHN Satellite Server server. Traceback email []: The Traceback email is the email address to which error-related traceback messages are mailed, usually the email of the Proxy administrator.
- Page 19 RHN Proxy Server Installation Process If the RHN Proxy Server connects through an HTTP proxy, enter the proxy hostname and port number, such as corporate.proxy.example.com:3128 Regardless of whether you enabled SSL for the connection to the Proxy Parent Server, you will be prompted to generate an SSL certificate. This SSL certificate will allow client systems to connect to this Spacewalk Proxy securely.
-
Page 20: The Answer File
Chapter 4. Installation Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler- proxy.conf Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/ rhn_proxy.conf Local file /etc/httpd/conf.d/rhn_broker.conf ->... - Page 21 The Answer File SSL_ORG="Red Hat" SSL_ORGUNIT="Spacewalk" SSL_CITY=Raleigh SSL_STATE=NC SSL_COUNTRY=US INSTALL_MONITORING=N ENABLE_SCOUT=N CA_CHAIN=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT POPULATE_CONFIG_CHANNEL=Y To use an answer file (called answers.txt for example) with configure-proxy.sh, type the following: configure-proxy.sh --answer-file=answers.txt...
-
Page 23: Rhn Package Manager
Before local packages can be provided through the RHN Proxy Server, a private channel is needed to store them. Perform the following steps to create a private channel: 1. Log in to the RHN Web interface at https://rhn.redhat.com. 2. Click Channels on the top navigation bar. If the Manage Channels option is not present in the left navigation bar, ensure that this user has channel editing permissions set. -
Page 24: Command Line Options
Chapter 5. RHN Package Manager rhn_package_manager -c "label_of_private_channel" pkg-list pkg-list is the list of packages to be uploaded. Alternatively, use the -d option to specify the local directory that contains the packages to add to the channel. Ensure that the directory contains only the packages to be included and no other files. - Page 25 Command Line Options Option Description List each package name, version number, release number, -l, --list and architecture in the specified channel(s). Check if local directory is in sync with the server. -s, --sync Print the current configuration and exit. -p, --printconf Exclude files matching this glob expression —...
-
Page 27: Troubleshooting
This chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Proxy Server. If you need additional help, contact Red Hat Network support at https://rhn.redhat.com/help/contact.pxt. Log in using your Satellite-entitled account to see your full list of options. -
Page 28: General Problems
The latest version contains features necessary to connect through an RHN Proxy Server. The latest version can be obtained through the Red Hat Network by issuing the command yum http://www.redhat.com/support/errata/ update yum as root or from Table 6.1, “Log Files”... -
Page 29: Host Not Found/Could Not Determine Fqdn
Host Not Found/Could Not Determine FQDN If the administrator is not getting email from the RHN Proxy Server, confirm the correct email addresses have been set for traceback_mail in /etc/rhn/rhn.conf. 6.5. Host Not Found/Could Not Determine FQDN Because RHN configuration files rely exclusively on fully qualified domain names (FQDN), it is imperative that key applications are able to resolve the name of the RHN Proxy Server into an IP address. -
Page 30: Caching Issues
Chapter 6. Troubleshooting • If using one or more RHN Proxy Servers, ensure each Proxy's SSL certificate is prepared correctly. If using the RHN Proxy Server in conjunction with an RHN Satellite Server the Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. -
Page 31: Proxy Debugging By Red Hat
Proxy issues. You can access the Red Hat Knowledgebase at kbase.redhat.com. Additionally, Red Hat provides a command line tool called the SoS Report, commonly known by its command sosreport. This tool collects your Proxy's configuration parameters, log files, and database information and sends it directly to Red Hat. -
Page 33: Rhn Proxy Server Installation Via Satellite Website
Appendix A. RHN Proxy Server Installation via Satellite Website Section 4.2, “RHN Proxy Server Installation Process”, In addition to the installation method outlined in you can also install RHN Proxy Server via the RHN Satellite Server website. Warning This method of installation has been deprecated and may be removed in a future version of RHN Satellite Server. - Page 34 Appendix A. RHN Proxy Server Installation via Satellite Website /usr/bin/rhn-actions-control --enable-all 8. Within the RHN website, navigate to the System Details => Details => Proxy subtab. Warning Please note that the RHN Proxy Server installation may replace the squid.conf and httpd.conf configuration files on the system to ease upgrades later.
- Page 35 Figure A.2. Welcome 10. In the Welcome page, you will find notification of any requirements not met by the system. When the system is ready, a continue link appears. Click it to go to the Terms & Conditions page.
- Page 36 Appendix A. RHN Proxy Server Installation via Satellite Website Figure A.3. Terms & Conditions 11. In the Terms & Conditions page, click the terms and conditions link to view the licensing agreement of the RHN Proxy Server. When satisfied, click the I agree link. You must agree in order to continue with the installation.
- Page 37 Figure A.4. Enable Monitoring 12. In the Enable Monitoring page, you must decide whether the Proxy will be used to monitor systems served by it. For this to take place, the RHN Proxy Server must meet the requirements Chapter 2, Requirements identified in and must be connected to an RHN Satellite Server (or another Proxy connected to a Satellite).
- Page 38 The RHN Parent Server is the domain name of the server serving the Proxy — either the central RHN servers, another RHN Proxy Server or an RHN Satellite Server. To connect to the central RHN servers, include the value xmlrpc.rhn.redhat.com. To connect to a Satellite or another Proxy, enter the parent system's FQDN.
- Page 39 The installation process affects only the Proxy configuration file: /etc/rhn/ rhn.conf. The Red Hat Update Agent (up2date) configuration file, /etc/ sysconfig/rhn/up2date, must be updated manually to receive its updates from another server, such as an RHN Satellite Server. Finally, you must decide whether to enable SSL using the checkbox at the bottom. Red Hat strongly recommends that you employ this level of encryption for all traffic to and from the RHN Proxy Server.
- Page 40 Appendix A. RHN Proxy Server Installation via Satellite Website Figure A.6. Configure SSL 14. In the Configure SSL page applicable only to a Proxy connecting to an RHN Satellite Server with SSL enabled, provide the information needed to generate the server certificate. The most important item is the CA certificate password, which must match the password used while enabling SSL on the parent server.
- Page 41 Figure A.7. Configure Monitoring 15. In the Configure Monitoring page, provide or confirm the hostname and IP address of the parent server connected to by the RHN Proxy Server. This must be either an RHN Satellite Server or another Proxy which is in turn connected to a Satellite. You cannot achieve Monitoring through the central RHN Servers.
- Page 42 Appendix A. RHN Proxy Server Installation via Satellite Website 17. When all items on the Install Progress page are Completed, the Proxy is ready for use. You can now register systems to RHN through the Proxy.
-
Page 43: Sample Rhn Proxy Server Configuration File
# Username for that corporate HTTP proxy proxy.http_proxy_username = # Location of locally built, custom packages proxy.pkg_dir = /var/spool/rhn-proxy # Hostname of RHN Server or RHN Satellite proxy.rhn_parent = rhn.redhat.com # Destination of all tracebacks, etc. traceback_mail = user0@domain.com, user1@domain.com... -
Page 45: Revision History
Appendix C. Revision History Revision 1.0 Fri Feb 27 2009... -
Page 47: Index
Index port 443, 7 5222, 7 80, 7 additional requirements, 7 port 443, 7 advantages, 2 port 4545, 7 authentication, 3 port 80, 7 authentication caching private channel, 19 clearing, 26 Proxy Ports, 7 caching issues, 26 questions and answers, 23 channel, 2 creating a private channel, 19 Channel Adminstrator, 2... - Page 48 Index multiple proxies vertically tiered, 10 proxies with RHN Satellite Server, 11 single proxy, 9 traceback, 2 troubleshooting, 23...