background image

14

Chapter 3. Example Topologies

described in the

RHN Client Configuration Guide

. To find out how channels and packages

are shared between them, refer to the

RHN Channel Management Guide

.

Содержание NETWORK PROXY SERVER 4.0 -

Страница 1: ...RHN Proxy Server 4 0 Installation Guide ...

Страница 2: ...le at http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Red Hat and the Red Hat Shadow Man logo are...

Страница 3: ...xy Vertically Tiered Topology 12 3 4 Proxies with RHN Satellite Server 13 4 Installation 15 4 1 Base Install 15 4 2 RHN Proxy Server Installation Process 15 5 RHN Package Manager 27 5 1 Creating a Private Channel 27 5 2 Uploading Packages 27 5 3 Command Line Options 29 6 Troubleshooting 31 6 1 Managing the Proxy Service 31 6 2 Log Files 31 6 3 Questions and Answers 32 6 4 General Problems 33 6 5 H...

Страница 4: ......

Страница 5: ...ngle system without Red Hat Network Standard Protocols standard protocols are used to maintain security and increase capability For example XML RPC gives Red Hat Network the ability to do much more than merely download files Security all communication between registered systems and Red Hat Network takes place over secure Internet connections View Errata Alerts easily view Errata Alerts for all you...

Страница 6: ...er to the Red Hat Network servers Saves time packages are delivered significantly faster over a local area network than the Internet Saves bandwidth packages are downloaded from the RHN File servers only once per local Proxy Server s caching mechanism instead of downloading each package to each client system Saves disk space on individual systems one large disk array is required instead of extra d...

Страница 7: ...e of creating channels and assigning packages to channels This role can be assigned by an Organization Ad ministrator through the Users tab of the RHN website Red Hat Update Agent The Red Hat Update Agent is the Red Hat Network client application up2date that allows users to retrieve and install new or updated packages for the client system on which the application is run Traceback A traceback is ...

Страница 8: ...Red Hat Network Server 2 The Red Hat Network Server attempts to authenticate the client If authentication is successful the server then passes back a session token via the chain of RHN Proxy Servers This token which has a signature and expiration contains user information including subscribe to channels username etc 3 Each RHN Proxy Server caches this token on its local file system in var cache rh...

Страница 9: ...ring a computer network to use RHN Proxy Servers is straightforward The Red Hat Network applications on the client systems must be configured to connect to the RHN Proxy Server instead of the Red Hat Network Servers Refer to the RHN Client Configu ration Guide for details On the proxy side one has to specify the next proxy in the chain which will eventually end with a Red Hat Network Server If the...

Страница 10: ...6 Chapter 1 Introduction ...

Страница 11: ...Red Hat Enterprise Linux AS 4 These are the only supported base operating systems for Proxies serving Monitoring entitled systems Each version of Red Hat Enterprise Linux AS requires a certain package set to support RHN Proxy Server Anything more can cause errors during installation Therefore Red Hat recommends obtaining the desired package set in the following ways Note For kickstarting either Re...

Страница 12: ...N Proxy Server Installation Process for instructions 2 2 Hardware Requirements The following hardware configuration is required for the RHN Proxy Server Pentium III processor 1 26GHz 512K cache or equivalent 512 MB of memory 3 GB storage for base install of Red Hat Enterprise Linux AS 6 GB storage per distribution channel The load on the Apache HTTP Server is directly related to the frequency with...

Страница 13: ...close together so the SSL certificate does not expire before or during use It is recom mended Network Time Protocol NTP be used to synchronize the clocks Fully Qualified Domain Name FQDN The system upon which the RHN Proxy Server will be installed must resolve its own FQDN properly A Red Hat Network Account Customers who will be connecting to the central Red Hat Network Servers to receive incremen...

Страница 14: ...de which you are now reading provides the essential steps necessary to get an RHN Proxy Server up and running 2 The RHN Client Configuration Guide This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server This will also likely require referencing The RHN Reference Guide which contains steps for registering and updating systems 3 The RHN Channel Ma...

Страница 15: ...ervers being used in the customer environment The rest of this chapter describes possible configurations and explains their benefits 3 1 Single Proxy Topology The simplest configuration is to use a single RHN Proxy Server to serve your entire net work This configuration is adequate to service a small group of clients and a network that would benefit from caching Red Hat RPMs and storing custom pac...

Страница 16: ...tion can be addressed in one of two ways Either the rsync file transfer program can be used to synchronize packages between the Proxies or a Network File System NFS share can be established between the Proxies and the custom channel repository Either of these solutions will allow any client of any RHN Proxy Servers to have all custom packages delivered to them Figure 3 2 Multiple Proxy Horizontall...

Страница 17: ...ls and pack ages must be placed on the primary Proxy only to ensure distribution to the child Proxies Finally the configuration files of the secondary Proxies must point to the primary instead of directly at Red Hat Network Figure 3 3 Multiple Proxy Vertically Tiered Topology 3 4 Proxies with RHN Satellite Server In addition to the methods described in detail within this chapter customers also hav...

Страница 18: ...14 Chapter 3 Example Topologies described in the RHN Client Configuration Guide To find out how channels and packages are shared between them refer to the RHN Channel Management Guide ...

Страница 19: ... are located in var spool rhn proxy Install the packages required by RHN Proxy Server and only those packages You must install only the base packages as others will cause the RHN Proxy Server installation to fail Refer to Section 2 1 Software Requirements for the method to obtain the correct package group needed for each version of Red Hat Enterprise Linux AS Important If you plan to obtain Monito...

Страница 20: ... text search box In the resulting list select all the packages and install them 5 If you will be enabling secure sockets layer SSL encryption on the Proxy and con necting to the central RHN Servers install the rhns certs tools package from the same Red Hat Network Tools channel and use the RHN SSL Maintenance Tool to generate the tar file required later Refer to the SSL Certificates chapter of the...

Страница 21: ...roxy 9 In the System Details Proxy subtab the pulldown menu should indicate your ability to activate the system as an RHN Proxy Server Ensure the version is properly selected and click the Activate Proxy button The Welcome page of the installation appears ...

Страница 22: ...nstallation Figure 4 2 Welcome 10 In the Welcome page you will find notification of any requirements not met by the system When the system is ready a continue link appears Click it to go to the Terms Conditions page ...

Страница 23: ...igure 4 3 Terms Conditions 11 In the Terms Conditions page click the terms and conditions link to view the licensing agreement of the RHN Proxy Server When satisfied click the I agree link The Enable Monitoring page appears next ...

Страница 24: ...monitor systems served by it For this to take place the RHN Proxy Server must meet the requirements identified in Chapter 2 Requirements and be connected to an RHN Satellite Server or another Proxy connected to a Satellite To enable monitoring on the Proxy select the checkbox and click continue The Configure RHN Proxy Server page appears ...

Страница 25: ...lters that capture messages with a subject of RHN TRACEBACK from hostname To list more than one administrator enter a comma separated list of email addresses The RHN Proxy Hostname is the fully qualified domain name FQDN of the RHN Proxy Server The RHN Parent Server is the domain name of the server serving the Proxy either the central RHN Servers another RHN Proxy Server or an RHN Satellite Server...

Страница 26: ...ou must be connecting to the central RHN Servers which have SSL enabled by default or to an RHN Satellite Server or RHN Proxy Server that has SSL enabled Connection to the central RHN Servers requires upload of the certificate tar file mentioned earlier Connection to a Satellite or another Proxy through SSL requires the CA certificate password used in enabling SSL on the parent system If you will ...

Страница 27: ...ile enabling SSL on the par ent server The remaining fields may match the parent server s values but can differ depending on the role of the RHN Proxy Server for instance reflecting a different ge ographic location Similarly the email address can be the same one provided earlier for the Proxy administrator but can be directed to a particular certificate adminis trator Certificate expiration is con...

Страница 28: ...e button It will be named rhn org httpd ssl archive MACHINENAME VERSION tar with the machine name reflecting the Proxy s hostname Once located click continue Note Since you must be root to generate the SSL key the resulting SSL tar file will be located in root ssl build HOSTNAME This file will not be visible to a non root user therefore you must copy the file to a location visible to the user runn...

Страница 29: ...and IP address of the parent server connected to by the RHN Proxy Server This must be either an RHN Satellite Server or another Proxy which is in turn connected to a Satellite You cannot achieve Monitoring through the central RHN Servers When finished click continue The Install Progress page appears Figure 4 9 Install Progress ...

Страница 30: ...tatus goes from Queued to Picked Up and then finally to Completed Like the earlier package installs you can immediately trigger these steps by running the rhn_check command in a terminal on the system as root When finished the Install Progress page will display the message The installation is complete You may now begin registering systems to be served by the RHN Proxy Server Refer to the RHN Clien...

Страница 31: ...RHN Proxy Server a private channel is needed to store them Perform the following steps to create a private channel 1 Log in to the RHN Web interface at https rhn redhat com 2 Click Channels on the top navigation bar If the Manage Channels option is not present in the left navigation bar ensure this user has channel editing permissions set Do this through the Users category accessible through the t...

Страница 32: ... packages from standard input using stdin To upload the package headers for the source RPMs rhn_package_manager c label_of_private_channel source pkg list If you have more than one channel specified using c or channel the uploaded pack age headers will be linked to all the channels listed Note If a channel name is not specified the packages are not added to any channel The packages can then be add...

Страница 33: ...ges from directory DIR cCHANNEL channel CHANNEL Manage this channel may be present multiple times nNUMBER count NUMBER Process this number of headers per call the default is 32 l list List each package name version number release number and architecture in the specified channel s s sync Check if local directory is in sync with the server p printconf Print the current configuration and exit XPATTER...

Страница 34: ...e pushed no ssl Not recommended Turn off SSL usage Briefly describe the options copyonly Copies the file listed in the argument into the specified channel Useful when a channel on the proxy is missing a package and you don t want to reimport all of the packages in the channel E g rhn_package_manager cCHANNEL copyonly PATH TO MISSING FILE h help Display the help screen with a list of options Table ...

Страница 35: ... commands service rhn proxy start service rhn proxy stop service rhn proxy restart service rhn proxy status Use the rhn proxy service to shut down and bring up the entire RHN Satellite Server and retrieve status messages from all of its services at once 6 2 Log Files Virtually every troubleshooting step should start with a look at the associated log file or files These files provide invaluable inf...

Страница 36: ...onnecting to the Squid server The var log squid access log file logs all connections to the Squid server 3 The Red Hat Update Agent on the client systems will not connect through the RHN Proxy Server How can I resolve this error Make sure the latest version of the Red Hat Update Agent is installed on the client systems The latest version contains features necessary to connect through an RHN Proxy ...

Страница 37: ...l from the RHN Proxy Server confirm the correct email addresses have been set for traceback_mail in etc rhn rhn conf 6 5 Host Not Found Could Not Determine FQDN Because RHN configuration files rely exclusively on fully qualified domain names FQDN it is imperative key applications are able to resolve the name of the RHN Proxy Server into an IP address Red Hat Update Agent Red Hat Network Registrati...

Страница 38: ...ER REL noarch rpm is installed on the RHN Proxy Server and the corresponding rhn org trusted ssl cert noarch rpm or raw CA SSL public client certificate is installed on all client systems Verify the client systems are configured to use the appropriate certificate If using one or more RHN Proxy Servers ensure each Proxy s SSL certificate is prepared correctly If using the RHN Proxy Server in conjun...

Страница 39: ...e internal caching mechanism used for authentication by the Proxy may also need its cache cleared To do this issue the following command rm fv var cache rhn Although the RHN Authentication Daemon was deprecated with the release of RHN Proxy Server 3 2 2 and replaced with the aforementioned internal authentication caching mech anism the daemon may still be running on your Proxy To turn it off issue...

Страница 40: ...mmand rhn proxy debug To use this tool simply issue that command as root You will see the pieces of information collected and the single tarball created like so root rhel 4 root rhn proxy debug Collecting and packaging relevant diagnostic information Warning this may take some time copying configuration information copying logs querying RPM database versioning of RHN Proxy etc get diskspace availa...

Страница 41: ... to 0 to turn off SSL between the Proxy and the upstream server temporarily Note that this greatly compromises security Return the setting to its default value of 1 to re enable SSL or simply remove the line from the configuration file Automatically generated RHN Management Proxy Server configuration file SSL CA certificate location proxy ca_chain usr share rhn RHNS CA CERT Corporate HTTP proxy fo...

Страница 42: ...38 Appendix A Sample RHN Proxy Server Configuration File ...

Страница 43: ... FQDN 33 how it works 3 HTTP Proxy Caching Server disk space requirements 8 I installation base 15 of RHN Proxy Server 15 L log files 31 O organization administrator 3 P private channel 27 Q questions and answers 32 R Red Hat Network introduction 1 Red Hat Update Agent 3 3 requirements 7 additional 9 disk space 8 hardware 8 software 7 RHN Authentication Daemon disabling rhn_auth_cache stopping 35 ...

Страница 44: ...ager 28 see RHN Package Manager S satellite debug 36 software requirements 7 squid caching 35 T terms to understand 3 topologies 11 multiple proxies horizontally tiered 12 multiple proxies vertically tiered 12 proxies with RHN Satellite Server 13 single proxy 11 traceback 3 troubleshooting 31 ...

Отзывы: