background image

Chapter 6. Troubleshooting

35

6.7. Caching Issues

If package delivery fails or an object appears to be corrupt, and it is not related to con-

nection errors, you should consider clearing the caches. The RHN Proxy Server has two

caches you should be concerned with: one for Squid and the other for authentication.
The Squid cache is located in

/var/spool/squid/

. To clear it, stop the Apache HTTP

Server and Squid, delete the contents of that directory, and restart both services. Issue these

commands in this order:

service httpd stop

service squid stop

rm -fv /var/spool/squid/*

service squid start

service httpd start

You may accomplish the same task more quickly by just clearing the directory and restart-

ing squid, but you will likely receive a number of RHN traceback messages.
The internal caching mechanism used for authentication by the Proxy may also need its

cache cleared. To do this, issue the following command:

rm -fv /var/cache/rhn/*

Although the RHN Authentication Daemon was deprecated with the release of RHN Proxy

Server 3.2.2 and replaced with the aforementioned internal authentication caching mech-

anism, the daemon may still be running on your Proxy. To turn it off, issue the following

individual commands in this order:

chkconfig --level 2345 rhn_auth_cache off

service rhn_auth_cache stop

To clear its cache, issue:

rm /var/up2date/rhn_auth_cache

If you must retain the RHN Authentication Daemon, which Red Hat recommends against

and does not support, note that its performance can suffer from verbose logging. For this

reason, its logging (to

/var/log/rhn/rhn_auth_cache.log

) is turned off by default.

If you do run the daemon and desire logging, turn it back on by adding the following line

to the Proxy’s

/etc/rhn/rhn.conf

file:

auth_cache.debug = 2

Summary of Contents for NETWORK PROXY SERVER 4.1.0 -

Page 1: ...RHN Proxy Server 4 1 0 Installation Guide ...

Page 2: ...able at http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Red Hat and the Red Hat Shadow Man logo a...

Page 3: ...xy Vertically Tiered Topology 12 3 4 Proxies with RHN Satellite Server 13 4 Installation 15 4 1 Base Install 15 4 2 RHN Proxy Server Installation Process 16 5 RHN Package Manager 27 5 1 Creating a Private Channel 27 5 2 Uploading Packages 27 5 3 Command Line Options 29 6 Troubleshooting 31 6 1 Managing the Proxy Service 31 6 2 Log Files 31 6 3 Questions and Answers 32 6 4 General Problems 32 6 5 H...

Page 4: ......

Page 5: ...n a single system without Red Hat Network Standard Protocols standard protocols are used to maintain security and increase capability For example XML RPC gives Red Hat Network the ability to do much more than merely download files Security all communication between registered systems and Red Hat Network takes place over secure Internet connections View Errata Alerts easily view Errata Alerts for a...

Page 6: ... organization Security an end to end secure connection is maintained from the client systems to the local RHN Proxy Server to the Red Hat Network servers Saves time packages are delivered significantly faster over a local area network than the Internet Saves bandwidth packages are downloaded from RHN only once per local Proxy Server s caching mechanism instead of downloading each package to each c...

Page 7: ... Users with this role are capable of creating channels and assigning packages to channels This role can be assigned by an Organization Administrator through the Users tab of the RHN website Red Hat Update Agent The Red Hat Update Agent is the Red Hat Network client application up2date that allows users to retrieve and install new or updated packages for the client system on which the application i...

Page 8: ...re connected via the LAN and are limited only by the speed of the local network Authentication is done in the following order 1 The client performs a login action at the beginning of a client session This login is passed through one or more RHN Proxy Servers until it reaches a Red Hat Network Server 2 The Red Hat Network Server attempts to authenticate the client If authentication is successful th...

Page 9: ...ecause they contain crucial RPM information such as software de pendencies that allows RHN to automate package installation The actual custom RPM packages are stored on the RHN Proxy Server and sent to the client systems from inside the organization s local area network Configuring a computer network to use RHN Proxy Servers is straightforward The Red Hat Network applications on the client systems...

Page 10: ...6 Chapter 1 Introduction ...

Page 11: ...Enterprise Linux AS 4 These are the only supported base operating systems for Proxies serving Monitoring entitled systems Each version of Red Hat Enterprise Linux AS requires a certain package set to support RHN Proxy Server Anything more can cause errors during installation Therefore Red Hat recommends obtaining the desired package set in the following ways Note For kickstarting either Red Hat En...

Page 12: ...Server Configuration of the system to accept remote commands and configuration management through Red Hat Network Refer to Section 4 2 RHN Proxy Server Installation Process for instructions 2 2 Hardware Requirements The following hardware configuration is required for the RHN Proxy Server Pentium III processor 1 26GHz 512K cache or equivalent 512 MB of memory 3 GB storage for base install of Red H...

Page 13: ...nections on port 5222 Synchronized System Times There is great time sensitivity when connecting to a Web server running SSL Se cure Sockets Layer it is imperative the time settings on the clients and server are reasonably close together so the that SSL certificate does not expire before or during use It is recommended that Network Time Protocol NTP be used to synchronize the clocks Fully Qualified...

Page 14: ...nally you should have the following technical documents in hand for use in roughly this order 1 The RHN Proxy Server Installation Guide This guide which you are now reading provides the essential steps necessary to get an RHN Proxy Server up and running 2 The RHN Client Configuration Guide This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server ...

Page 15: ...N Proxy Servers being used in the customer environment The rest of this chapter describes possible configurations and explains their benefits 3 1 Single Proxy Topology The simplest configuration is to use a single RHN Proxy Server to serve your entire net work This configuration is adequate to service a small group of clients and a network that would benefit from caching Red Hat RPMs and storing c...

Page 16: ...ituation can be addressed in one of two ways The rsync file transfer program can be used to synchronize packages between the Prox ies A Network File System NFS share can be established between the Proxies and the custom channel repository Either of these solutions will allow any client of any RHN Proxy Servers to have all custom packages delivered to them Figure 3 2 Multiple Proxy Horizontally Tie...

Page 17: ...nnels and packages must be placed on the primary Proxy only to ensure distribution to the child Proxies Finally the configuration files of the secondary Proxies must point to the primary instead of directly at Red Hat Network Figure 3 3 Multiple Proxy Vertically Tiered Topology 3 4 Proxies with RHN Satellite Server In addition to the methods described in detail within this chapter customers also h...

Page 18: ...14 Chapter 3 Example Topologies described in the RHN Client Configuration Guide To find out how channels and packages are shared between them refer to the RHN Channel Management Guide ...

Page 19: ... Red Hat packages is var spool squid while custom packages are located in var spool rhn proxy Install the packages required by RHN Proxy Server and only those packages Note You must install only the base packages as others will cause the RHN Proxy Server installation to fail Refer to Section 2 1 Software Requirements for the method to obtain the correct package group needed for each version of Red...

Page 20: ...to the tools channel and then click the Change Subscriptions button to confirm your choice 4 Install all of the rhncfg packages by first navigating to the System System De tails Software Packages Install subtab Next search for rhncfg using the Filter by Package Name text search box In the resulting list select all of the packages and install them 5 If you will be enabling secure sockets layer SSL ...

Page 21: ...ed these files and want to preserve them they are rotated in place and can be retrieved after installation Figure 4 1 System Details Proxy 9 In the System Details Details Proxy subtab the pulldown menu should in dicate your ability to activate the system as an RHN Proxy Server Ensure that the correct version is selected and click the Activate Proxy button The Welcome page of the installation appea...

Page 22: ...nstallation Figure 4 2 Welcome 10 In the Welcome page you will find notification of any requirements not met by the system When the system is ready a continue link appears Click it to go to the Terms Conditions page ...

Page 23: ...ions page click the terms and conditions link to view the licensing agreement of the RHN Proxy Server When satisfied click the I agree link You must agree in order to continue with the installation For Proxies that register to a Satellite the Enable Monitoring page appears next ...

Page 24: ...nitor systems served by it For this to take place the RHN Proxy Server must meet the requirements identified in Chapter 2 Requirements and must be connected to an RHN Satellite Server or another Proxy connected to a Satellite To enable monitoring on the Proxy select the checkbox and click continue The Configure RHN Proxy Server page appears ...

Page 25: ...ator enter a comma separated list of email addresses The RHN Proxy Hostname is the fully qualified domain name FQDN of the RHN Proxy Server The RHN Parent Server is the domain name of the server serving the Proxy either the central RHN servers another RHN Proxy Server or an RHN Satellite Server To connect to the central RHN servers include the value xmlrpc rhn redhat com To connect to a Satellite ...

Page 26: ... or RHN Proxy Server that has SSL enabled Connection to the central RHN Servers requires upload of the certificate tar file mentioned earlier Connection to a Satellite or another Proxy through SSL requires the CA certificate password used in enabling SSL on the parent system If you choose not to enable SSL during installation leave this box unchecked and refer to the SSL Certificates chapter of th...

Page 27: ...the parent server The remaining fields may match the parent server s values but can differ depending on the role of the RHN Proxy Server for instance reflecting a different geographic location Similarly the email address may be the same one provided earlier for the Proxy administrator but may instead be directed to a particular certificate administrator Certificate expi ration is configurable As a...

Page 28: ... the hostname and IP address of the parent server connected to by the RHN Proxy Server This must be either an RHN Satellite Server or another Proxy which is in turn connected to a Satellite You cannot achieve Monitoring through the central RHN Servers When finished click continue The Install Progress page appears ...

Page 29: ...ted Like the earlier package installs you can immediately trigger these steps by running the rhn_check command in a terminal on the system as root When finished the In stall Progress page will display the message The installation is complete You may now begin registering systems to be served by the RHN Proxy Server Refer to the RHN Client Configuration Guide 17 When all items on the Install Progre...

Page 30: ...26 Chapter 4 Installation Figure 4 9 Install Complete ...

Page 31: ... Server a private channel is needed to store them Perform the following steps to create a private channel 1 Log in to the RHN Web interface at https rhn redhat com 2 Click Channels on the top navigation bar If the Manage Channels option is not present in the left navigation bar ensure that this user has channel editing permissions set Do this through the Users category accessible through the top n...

Page 32: ...list of packages from standard input using stdin To upload the package headers for the source RPMs rhn_package_manager c label_of_private_channel source pkg list If you have more than one channel specified using c or channel the uploaded pack age headers will be linked to all the channels listed Note If a channel name is not specified the packages are not added to any channel The packages can then...

Page 33: ...ges from directory DIR cCHANNEL channel CHANNEL Manage this channel may be present multiple times nNUMBER count NUMBER Process this number of headers per call the default is 32 l list List each package name version number release number and architecture in the specified channel s s sync Check if local directory is in sync with the server p printconf Print the current configuration and exit XPATTER...

Page 34: ...e pushed no ssl Not recommended Turn off SSL usage Briefly describe the options copyonly Copies the file listed in the argument into the specified channel Useful when a channel on the proxy is missing a package and you don t want to reimport all of the packages in the channel E g rhn_package_manager cCHANNEL copyonly PATH TO MISSING FILE h help Display the help screen with a list of options Table ...

Page 35: ... rhn proxy start service rhn proxy stop service rhn proxy restart service rhn proxy status Use the rhn proxy service to shut down and bring up the entire RHN Proxy Server and retrieve status messages from all of its services at once 6 2 Log Files Virtually every troubleshooting step should start with a look at the associated log file or files These files provide invaluable information about the ac...

Page 36: ...file logs all connections to the Squid server 3 The Red Hat Update Agent on the client systems does not connect through the RHN Proxy Server How can I resolve this error Make sure that the latest version of the Red Hat Update Agent is installed on the client systems The latest version contains features necessary to connect through an RHN Proxy Server The latest version can be obtained through the ...

Page 37: ...rrect email addresses have been set for traceback_mail in etc rhn rhn conf 6 5 Host Not Found Could Not Determine FQDN Because RHN configuration files rely exclusively on fully qualified domain names FQDN it is imperative that key applications are able to resolve the name of the RHN Proxy Server into an IP address Red Hat Update Agent Red Hat Network Registration Client and the Apache HTTP Server ...

Page 38: ...RHN Proxy Server and the corresponding rhn org trusted ssl cert noarch rpm or raw CA SSL public client certificate is installed on all client systems Verify the client systems are configured to use the appropriate certificate If using one or more RHN Proxy Servers ensure each Proxy s SSL certificate is prepared correctly If using the RHN Proxy Server in conjunction with an RHN Satellite Server the...

Page 39: ...he internal caching mechanism used for authentication by the Proxy may also need its cache cleared To do this issue the following command rm fv var cache rhn Although the RHN Authentication Daemon was deprecated with the release of RHN Proxy Server 3 2 2 and replaced with the aforementioned internal authentication caching mech anism the daemon may still be running on your Proxy To turn it off issu...

Page 40: ...s command rhn proxy debug To use this tool simply issue that command as root You will see the pieces of information collected and a single tarball created like so root rhel 4 root rhn proxy debug Collecting and packaging relevant diagnostic information Warning this may take some time copying configuration information copying logs querying RPM database versioning of RHN Proxy etc get diskspace avai...

Page 41: ... to 0 to turn off SSL between the Proxy and the upstream server temporarily Note that this greatly compromises security Return the setting to its default value of 1 to re enable SSL or simply remove the line from the configuration file Automatically generated RHN Management Proxy Server configuration file SSL CA certificate location proxy ca_chain usr share rhn RHNS CA CERT Corporate HTTP proxy fo...

Page 42: ...38 Appendix A Sample RHN Proxy Server Configuration File ...

Page 43: ...ements 8 host now found error could not determine FQDN 33 how it works 3 HTTP Proxy Caching Server disk space requirements 8 I inbound ports satellite 5222 9 installation base 15 of RHN Proxy Server 16 L log files 31 O Organization Administrator 3 outbound ports 80 443 9 P port 443 9 5222 9 80 9 private channel 27 Q questions and answers 32 R Red Hat Network introduction 1 Red Hat Update Agent 3 3...

Page 44: ...erify local package list 28 rhn proxy service 31 rhn conf sample file 37 rhn_package_manager 28 see RHN Package Manager S satellite debug 36 software requirements 7 squid caching 35 T terms to understand 3 topologies 11 multiple proxies horizontally tiered 12 multiple proxies vertically tiered 12 proxies with RHN Satellite Server 13 single proxy 11 traceback 3 troubleshooting 31 ...

Reviews: