Red Hat NETWORK SATELLITE 5.1.1 - RELEASE NOTES Installation Manual Download

Page: 1 / 74

Red Hat Network

Satellite 5.1.1

Installation Guide

Red Hat Network Satellite

Summary of Contents for NETWORK SATELLITE 5.1.1 - RELEASE NOTES

Page 1: ...Red Hat Network Satellite 5 1 1 Installation Guide Red Hat Network Satellite ...

Page 2: ...Installation Guide Red Hat Network Satellite 5 1 1 Installation Guide Red Hat Network Satellite Edition 5 1 1 ...

Page 3: ...s 33 5 1 Receiving the Certificate 33 5 2 Uploading the RHN Entitlement Certificate 34 5 3 Managing the RHN Certificate with RHN Satellite Activate 34 5 3 1 Command Line Entitlement Options 34 5 3 2 Activating the Satellite 35 5 4 Satellite Entitlement Certificate Expiration 35 6 Importing and Synchronizing 37 6 1 Exporting with RHN Satellite Exporter 37 6 1 1 rhn satellite exporter 37 6 1 2 Expor...

Page 4: ...ing the Backup 56 8 4 4 Restoring the Database 56 8 5 Cloning the Satellite with Embedded DB 57 8 6 Establishing Redundant Satellites with Stand Alone DB 57 8 7 Conducting Satellite Specific Tasks 58 8 7 1 Using the Tools menu 59 8 7 2 Deleting Users 60 8 8 Automating Synchronization 61 8 9 Implementing PAM Authentication 62 8 10 Enabling Push to Clients 62 A Sample RHN Satellite Server Configurat...

Page 5: ... their client systems with Red Hat Network When a client system requests package updates only the applicable packages for the client are returned based upon the software profile stored on the RHN Servers Advantages of using Red Hat Network include Scalability with Red Hat Network a single system administrator can set up and maintain hundreds or thousands of Red Hat systems more easily accurately a...

Page 6: ...e packages There are two types of channels base channels and child channels A base channel consists of a list of packages based on a specific architecture and Red Hat release A child channel is a channel associated with a base channel that contains extra packages Organization Administrator An Organization Administrator is a user role with the highest level of control over an organization s Red Hat...

Page 7: ...onization tools RPM importing tools Channel maintenance tools Web based Errata management tools Web based User management tools Web based Client system and system grouping tools Web based Red Hat Update Agent on the client systems The Red Hat Update Agent on the client systems must be reconfigured to retrieve updates from the organization s internal RHN Satellite Server instead of the central Red ...

Page 8: ...ion For example an organization can maintain one RHN Satellite Server in a secure location Red Hat systems with local network access to the RHN Satellite Server can connect to it Other remote offices can maintain RHN Proxy Server installations that connect to the RHN Satellite Server The different locations inside the organization must be networked but this can be a private network an Internet con...

Page 9: ...on the Satellite by opening the Satellite s hostname in a Web browser and clicking Create Account This will be the Satellite Administrator s also referred to as the Organization Administrator account 9 Use the RHN Satellite Synchronization Tool to import the channels and associated packages into the Satellite 10 Register a representative machine for each distribution type or channel Red Hat Enterp...

Page 10: ...e RHN Channel Management Guide for details 1 6 Upgrades The process for upgrading a Satellite from one version to another is not covered within this Satellite Guide but can be found within the Red Hat Knowledgebase http kbase redhat com faq 1 and can be found by performing a search for upgrade satellite or by following this link http kbase redhat com faq FAQ_49_8610 shtm 1 http kbase redhat com fa...

Page 11: ...INUX permissive and reboot the system More in depth coverage of SELinux is available at http www redhat com docs You may also refer to the Red Hat Knowledgebase article on SELinux and RHN Satellite Server at http kbase redhat com faq Satellite installation disc or ISO this contains the RHN Satellite Server Installation Program All packages required in order to suport the Program are installed auto...

Page 12: ...tabase and Embedded Database Satellite Hardware Requirements The following hardware configuration is required for the Stand Alone Database Two processors 2 GB of memory See Section 2 3 Database Requirements for instructions on estimating the tablespace of the database and setting its environment variables Keep in mind the frequency with which client systems connect to the Satellite is directly rel...

Page 13: ...for testing and staging of packages they must be included in this formula Keep in mind the database storage needs may grow rapidly depending upon the variance of the following factors The number of public Red Hat packages imported typical 5000 The number of private packages to be managed typical 500 The number of systems to be managed typical 1000 The number of packages installed on the average sy...

Page 14: ...before the RHN Satellite Server installation Full Access Client systems need full network access to the RHN Satellite Server solution s services and ports Firewall Rules RHN strongly recommends firewalling the RHN Satellite Server solution from the Internet However various TCP ports must be opened on the Satellite depending on your implementation of RHN Satellite Server Port Direction Reason 80 Ou...

Page 15: ... Time Protocol NTP This also applies to the separate database machine in RHN Satellite Server with Stand Alone Database which must also be set to the same time zone as the Satellite Fully Qualified Domain Name FQDN The system upon which the RHN Satellite Server will be installed must resolve its own FQDN properly If this is not the case cookies will not work properly on the website Note It is impo...

Page 16: ...eproof safe In addition to these requirements it is recommended that the RHN Satellite Server be configured in the following manner The entire RHN Satellite Server solution should be protected by a firewall if the Satellite accesses or is accessed via the Internet An Internet connection is not required for RHN Satellite Servers running in completely disconnected environments This feature instead u...

Page 17: ...rver up and running 2 The RHN Client Configuration Guide This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server This will also likely require referencing The RHN Reference Guide which contains steps for registering and updating systems 3 The RHN Channel Management Guide This guide identifies in great detail the recommended methods for building ...

Page 18: ...14 ...

Page 19: ...environment The rest of this chapter describes possible configurations and explains their benefits 3 1 Single Satellite Topology The simplest configuration is to use a single RHN Satellite Server to serve your entire network This configuration is adequate to service a medium size group of clients and network The disadvantage of using one RHN Satellite Server is that performance will be compromised...

Page 20: ...o install RHN Proxy Servers below a RHN Satellite Server These Proxies connect to the Satellite for RPMs from Red Hat Network and custom packages created locally In essence the Proxies act as clients of the Satellite This vertically tiered configuration requires that channels and RPMs be created only on the RHN Satellite Server In this manner the Proxies inherit and then serve packages from a cent...

Page 21: ...Satellite Proxy Vertically Tiered Topology 17 Figure 3 3 Satellite Proxy Vertically Tiered Topology ...

Page 22: ...18 ...

Page 23: ...d separate database if it exists and select the appropriate time zone All client systems should already be running the ntpd daemon and be set to the correct time zone Due to potential complications it is strongly advised that the home partition is locally mounted 4 2 RHN Satellite Server Installation Program The following instructions describe how to run the RHN Satellite Server Installation Progr...

Page 24: ...ng command install pl help 6 The script first runs through a pre requisite check These checks make certain that all prerequisites from Chapter 2 Requirements are met before proceeding with the installation Starting the Red Hat Network Satellite installer Performing pre install checks Pre install checks complete Beginning installation 7 At the prompt enter the email address to which you would like ...

Page 25: ...e is established the Satellite is configured Setting up environment and users 12 In order to activate the Satellite you must provide it with the location of your Satellite certificate Activating Satellite Where is your satellite certificate file root example cert 13 The next step is to create a CA cert for the Satellite To do so you must answer a few questions CA cert Enter a password for the cert...

Page 26: ...rowser Create the satellite administrator account also referred to as the Organization Administrator and click the Create Login button to move to the next screen the Your RHN screen Figure 4 1 Admin Account Creation 16 A blue text box appears at the top of the screen indicating that you can now custom configure the Satellite and its behavior To do so click the bold clicking here text at the end ...

Page 27: ...tion Program 23 Figure 4 2 Final Configuration Prompt 17 The Satellite Configuration General Configuration page allows you to alter the most basic Satellite settings such as the admin email address and whether Monitoring is enabled ...

Page 28: ...in are used to mail monitoring notification messages to administration This is required only if you intend to receive alert notifications from probes If you do provide the mail server exchanger and domain to be used Note that sendmail must be configured to handle email redirects of notifications Refer to Section 4 4 Sendmail Configuration for instructions When finished click Continue The RHN Regis...

Page 29: ...gate to the file and select it To input its contents open your certificate in a text editor copy all lines and paste them directly into the large text field at the bottom Red Hat recommends using the file locator as it is less error prone Click Validate Certificate to continue If you receive errors related to DNS ensure your Satellite is configured correctly Refer to Section 7 3 Host Not Found Cou...

Page 30: ... central RHN Servers The required fields are pre populated with values derived from previous installation steps Ensure this information is accurate Checkboxes offer options for including built in security SSL and GNU Privacy Guard GPG features both of which are advised In addition you may enable remote command acceptance and remote configuration management of the systems to be bootstrapped here Bo...

Page 31: ...figuration Restart page contains the final step in configuring the Satellite Click the Restart button to restart the Satellite in order to incorporate all of the configuration options added on the previous screens Note that it will take between four and five minutes for the restart to finish ...

Page 32: ...Figure 4 8 Restart Complete 4 2 1 Options to the Satellite Installation Program The various options available for the Satellite Installation Program are included below for easy reference Option Usage help Print this help message answer file filename Indicates the location of an answer file to be use for answering questions asked during the installation process ...

Page 33: ...r the database skip db diskspace check Do not check to make sure there is enough free disk space to install the embedded database skip db population Do not populate the database schema skip gpg key import Do not import Red Hat s GPG key skip ssl cert generation Do not generate the SSL certificates for the Satellite Table 4 1 Installation Options 4 3 Automated RHN Satellite Server Installation One ...

Page 34: ...il to be sent from an address that is not recognized as valid Therefore it may be necessary to configure rogerthat01 mail domain as a valid email address in your corporate environment Check with your mail systems administrator To configure sendmail correctly run the following commands as root First create a symbolic link allowing sendmail to run the notification enqueuer with the following command...

Page 35: ...he RHN Reference Guide for a list of available probes If you do wish to run MySQL probes subscribe the Satellite to the Red Hat Enterprise Linux AS Extras channel and install the mysql server package either through the RHN website or up2date Two extra packages will also be downloaded in the transaction These are needed for the mysql server package to be installed and run successfully Once finished...

Page 36: ...32 ...

Page 37: ...ement Certificate such as one reflecting an increase in the number of entitlements 5 1 Receiving the Certificate The RHN Entitlement Certificate is an XML document that looks something like this xml version 1 0 encoding UTF 8 rhn cert version 0 1 rhn cert field name product RHN SATELLITE 001 rhn cert field rhn cert field name owner Clay s Precious Satellite rhn cert field rhn cert field name issue...

Page 38: ...he existing certificate Ensure you have a backup of this file by copying and pasting its contents into a text editor 4 Click Deactivate Satellite License at the bottom of the page Then click Confirm Deactivation You will receive a message describing the deactivation at the top of the page 5 You may then browse to the location of your new RHN Entitlement Certificate or paste its contents into the t...

Page 39: ...atellite locally by inserting the RHN Entitlement Certificate into the local database 3 Activate the Satellite remotely by inserting the RHN Entitlement Certificate into the central RHN remote database This is typically accomplished during local activation but may require a second step if you chose the disconnected option Here are some examples depicting use of the tool and these options To valida...

Page 40: ...ains active Each user that logs into the Satellite sees a banner on their Your RHN page that explains that the Satellite certificate has expired Once a day for all seven days the Satellite Administrator s email receives notification that the certificate has expired When the grace period is over the Satellite becomes unavailable users will be unable to login to the web UI and all client side tools ...

Page 41: ...ctures Channel metadata Blacklists RPMs RPM metadata Errata Kickstarts The amount of time it takes rhn satellite exporter to export data is dependent on the number and size of the channels being exported Using the no packages no kickstarts no errata and no rpms options reduces the amount of time required for rhn satellite exporter to run but also prevents potentially useful information from being ...

Page 42: ...ation no kickstarts Do not process kickstart data provisioning only debug level LEVEL_NUMBER Override the amount of messaging sent to log files and generated on the screen set in etc rhn rhn conf 0 6 2 is default start date START_DATE The start date limit that the last modified dates are compared against Must be in the format YYYYMMDDHH24MISS for example 20071225123000 end date END_DATE The end da...

Page 43: ...channels correctly you must first populate at least one Red Hat base channel The RHN Satellite Synchronization Tool creates the necessary directory structures and permissions without these the custom channel tools will not work properly For this reason you should use these instructions to set up your base channel s and then refer to the RHN Channel Management Guide for steps to establish custom ch...

Page 44: ...n h help Display this list of options and exit d db DB Include alternate database connect string username password SID m mount point MOUNT_POINT Import sync from local media mounted to the Satellite To be used in closed environments such as those created during disconnected installs list channels List all available channels and exit c channel CHANNEL_LABEL Process data for this channel only Multip...

Page 45: ...rt processing Open man satellite sync for more information Table 6 2 Satellite Import Sync Options If no options are included satellite sync synchronizes all channels that already exist in the Satellite s database By default the step all steps option is enabled Keep in mind that the channel option requires the channel label not its name For instance use rhel i386 as 3 not Red Hat Enterprise Linux ...

Page 46: ...ss to copy Channel Content ISOs is to mount each one copy its contents to the temporary repository and then unmount the ISO Each channel consists of several ISOs Once finished the administrator should delete the temporary directory and all of its contents Follow these steps 1 Log into the machine as root 2 Insert the first Channel Content ISO that has been burned to disc 3 Create a directory in mn...

Page 47: ...n sat import The first step in importing channels into the database is listing the channels available for import This is accomplished with the command satellite sync list channels mount point var rhn sat import The next step is to initiate the import of a specific channel Do this using a channel label presented in the previous list The command will look like satellite sync c rhel i386 as 3 mount p...

Page 48: ... RPMs have been installed and moved to their permanent locations then this count will be zero and the administrator may safely remove the temporary repository in this case var rhn sat import 6 3 Synchronizing An update channel is only as useful as the freshness of the information in that channel Since the RHN Satellite Server is designed to be a standalone environment any update advisories publish...

Page 49: ...ple satellite sync c rhel i386 as 3 This connects to central Red Hat Network Servers and performs the process described above Multiple channels can be included by repeating the option If no channels are specified all channels on the Satellite will be refreshed 6 3 2 Synchronizing Errata and Packages via Local Media For customers who cannot connect their Satellite directly to RHN Red Hat recommends...

Page 50: ...46 ...

Page 51: ...r var log rhn directory RHN Satellite Server Installation Program var log rhn_satellite_install log Database installation Embedded Database var log rhn rhn database installation log Database population var log rhn populate_db log RHN Satellite Synchronization Tool var log rhn rhn_server_satellite log Monitoring infrastructure home nocpulse var directory Monitoring notifications opt notification va...

Page 52: ...tion 8 7 1 1 Maintaining the RHN Task Engine To obtain the status of the Satellite s Embedded Database if it exists run the command service rhn database status To determine the version of your database schema run the command rhn schema version To derive the character set types of your Satellite s database run the command rhn charsets If the administrator is not getting email from the RHN Satellite...

Page 53: ...followed by Network Information Service NIS if used followed by DNS One of these has to succeed for the Apache Web server to start and the RHN client applications to work To resolve this problem identify the contents of the etc hosts file It may look like this 127 0 0 1 this_machine example com this_machine localhost localdomain localhost First in a text editor remove the offending machine informa...

Page 54: ...n conf sqlplus username password sid Ensure the RHN Satellite Server is using Network Time Protocol NTP and set to the appropriate time zone This also applies to all client systems and the separate database machine in RHN Satellite Server with Stand Alone Database Confirm the correct package 7 rhn org httpd ssl key pair MACHINE_NAME VER REL noarch rpm is installed on the RHN Satellite Server and t...

Page 55: ... a command line tool explicitly for this purpose The Satellite Diagnostic Info Gatherer commonly known by its command satellite debug To use this tool issue the command as root You will see the pieces of information collected and the single tarball created like so root miab root satellite debug Collecting and packaging relevant diagnostic information Warning this may take some time copying configu...

Page 56: ...52 ...

Page 57: ...Satellite Server they will be released in the form of an Erratum for the RHN Satellite Server For RHN Satellite Server systems that may be connected to the Internet the best method for applying these Errata Updates is using the Red Hat Update Agent via Red Hat Network Since the RHN Satellite Server is subscribed to Red Hat Network during initial installation the user should be able to run up2date ...

Page 58: ...tc pxtdb conf pertains only to RHN Satellite Server 1 1 x root gnupg root ssl build If possible back up var satellite as well In case of failure this will save lengthy download time Since var satellite specifically var satellite redhat NULL is primarily a duplicate of Red Hat s RPM repository it can be regenerated with satellite sync Red Hat recommends the entire var satellite tree be backed up In...

Page 59: ...ackup DIRNAME Backs up the database to the directory specified examine DIRNAME Examines the contents of a backup directory Returns the timestamp of backup creation and reports on its contents extend Increase the RHN Oracle tablespace report Reports on current usage of database space restore DIRNAME Restores the database from backup kept in DIRNAME Database must be stopped for this command to run s...

Page 60: ...ther file transfer utility Red Hat strongly recommends scheduling the backup process automatically using cron jobs For instance back up the system at 3 a m and then copy the backup to the separate repository partition disk or system at 6 a m 8 4 3 Verifying the Backup Backing up the Embedded Database is useful only if you can ensure the integrity of the resulting backup RHN DB Control provides two...

Page 61: ...SSL certificates from it to the secondary Refer to the Deploying the CA SSL Public Certificate to Clients section of the RHN Client Configuration Guide for precise instructions 6 Change DNS to point to the new machine or configure your load balancer appropriately 8 6 Establishing Redundant Satellites with Stand Alone DB In keeping with the cloning option available to Satellite with Embedded Databa...

Page 62: ... of var www html pub bootstrap from the primary Satellite to the secondary If you did generate a new one copy that directory s contents to the primary Satellite 6 Turn off the RHN Task Engine on the secondary Satellite with the following command sbin service taskomatic stop You may use custom scripting or other means to establish automatic start up failover of the RHN Task Engine on the secondary ...

Page 63: ...s page 8 7 1 1 Maintaining the RHN Task Engine The default display shows the status of the RHN Task Engine This tool is a daemon that runs on the Satellite server itself and performs routine operations such as database cleanup Errata mailings etc that must be performed in the background The page displays the execution times for various activities carried out by the daemon Administrators should ens...

Page 64: ... the name of the user to be removed This takes you to the User Details page Click the delete user link at the top right corner of the page Figure 8 2 User Deletion A confirmation page appears explaining that this removal is permanent To continue click Delete User at the bottom right corner of the page Note The Organization Administrator role must be removed from the user s profile before deleting ...

Page 65: ...ation Continental United States business hours are roughly 8 00 AM to 9 00 PM EST UTC 5 due to four time zones Monday through Friday These hours may vary seasonally by one hour Further Red Hat strongly recommends that synchronization occur randomly for best performance This automation can be set easily by the addition of a simple cron job To do this edit the crontab as root crontab e This opens th...

Page 66: ...elow Note To ensure that PAM authentication functions properly install the pam devel package Set up a PAM service file usually etc pam d rhn satellite and have the Satellite use it by adding the following line to etc rhn rhn conf pam_auth_service rhn satellite This assumes the PAM service file is named rhn satellite To enable a user to authenticate against PAM select the checkbox labeled Pluggable...

Page 67: ...vice on the Satellite as root using the command service osa dispatcher start Finally install the osad package on all client systems to receive pushed actions The package can be found within the RHN Tools child channel for the systems on the RHN Satellite Server Once installed start the service on the client systems as root using the command service osad start Like other services osa dispatcher and...

Page 68: ...64 ...

Page 69: ...satellite Corporate gateway hostname PORT server satellite http_proxy corporate_gateway example com 8080 server satellite http_proxy_username server satellite http_proxy_password Database connection information username password SID default_db test01 test01 test01 DON T TOUCH ANY OF THE FOLLOWING web satellite 1 web session_swap_secret_1 ea6c79f71cfcf307d567fed583c393b9 web session_swap_secret_2 0...

Page 70: ...A Sample RHN Satellite Server Configuration File 66 RHN Task DailySummary RHN Task SummaryPopulation RHN Task RHNProc RHN Task PackageCleanup web rhn_gpg_backend_module RHN GPG OpenPGP web restrict_mail_domains ...

Page 71: ...67 Appendix B Revision History Revision History Revision 1 0 ...

Page 72: ...68 ...

Page 73: ... opt 19 db control options 55 db control use 55 disable services ntsysv chkconfig 12 E embedded database default location rhnsat 19 enabling push to clients 62 entitlement certificate 11 19 uploading 34 F firewall rules requirements 10 G general problems 47 GPG keys 19 H host not found error could not determine FQDN 49 how it works 3 httpd 12 I import channel content process 42 importing satellite...

Page 74: ...nt 19 RHN Satellite Synchronization Tool 39 options 40 RHN Task Engine 59 60 rhn satellite service 53 rhn satellite activate 34 activating 35 options 34 rhn satellite exporter 37 export 38 options 38 rhn conf sample file 65 rhns satellite tools 34 43 rogerthat01 mail domain 30 S Satellite Installation Program options 28 Satellite Ports 10 satellite redundancy 57 satellite debug 51 satellite sync 4...

Search results

Summary of Contents for NETWORK SATELLITE 5.1.1 - RELEASE NOTES

Reviews:

Related manuals for NETWORK SATELLITE 5.1.1 - RELEASE NOTES

Brands by name

Popular brands

Red Hat NETWORK SATELLITE 5.1.1 - RELEASE NOTES, Installation Manual

Search results

Summary of Contents for NETWORK SATELLITE 5.1.1 - RELEASE NOTES

Reviews:

Related manuals for NETWORK SATELLITE 5.1.1 - RELEASE NOTES

Brands by name

Popular brands