background image

Chapter 4. Installation

21

Figure 4-5. Configure RHN Proxy Server

13. In the

Configure RHN Proxy Server

page, provide or confirm the entries for all

required fields. The Administrator Email Address will receive all mail generated by

the Proxy, including sometimes large quantities of error-related tracebacks. To stem

this flow, consider establishing mail filters that capture messages with a subject of

"RHN TRACEBACK from

hostname

". To list more than one administrator, enter

a comma-separated list of email addresses.
The RHN Proxy Hostname is the fully qualified domain name (FQDN) of the RHN

Proxy Server. The RHN Parent Server is the domain name of the server serving

the Proxy — either the central RHN servers, another RHN Proxy Server or an

RHN Satellite Server. To connect to the central RHN servers, include the value

xmlrpc.rhn.redhat.com

. To connect to a Satellite or another Proxy, enter the

parent system’s FQDN.
If the RHN Proxy Server will connect through an HTTP proxy, configure it using

the associated fields. Note that references to protocol, such as

http://

or

https://

should not be included in the

HTTP Proxy Server

field.

Содержание NETWORK PROXY SERVER 4.1.0 -

Страница 1: ...RHN Proxy Server 4 1 0 Installation Guide ...

Страница 2: ...able at http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Red Hat and the Red Hat Shadow Man logo a...

Страница 3: ...xy Vertically Tiered Topology 12 3 4 Proxies with RHN Satellite Server 13 4 Installation 15 4 1 Base Install 15 4 2 RHN Proxy Server Installation Process 16 5 RHN Package Manager 27 5 1 Creating a Private Channel 27 5 2 Uploading Packages 27 5 3 Command Line Options 29 6 Troubleshooting 31 6 1 Managing the Proxy Service 31 6 2 Log Files 31 6 3 Questions and Answers 32 6 4 General Problems 32 6 5 H...

Страница 4: ......

Страница 5: ...n a single system without Red Hat Network Standard Protocols standard protocols are used to maintain security and increase capability For example XML RPC gives Red Hat Network the ability to do much more than merely download files Security all communication between registered systems and Red Hat Network takes place over secure Internet connections View Errata Alerts easily view Errata Alerts for a...

Страница 6: ... organization Security an end to end secure connection is maintained from the client systems to the local RHN Proxy Server to the Red Hat Network servers Saves time packages are delivered significantly faster over a local area network than the Internet Saves bandwidth packages are downloaded from RHN only once per local Proxy Server s caching mechanism instead of downloading each package to each c...

Страница 7: ... Users with this role are capable of creating channels and assigning packages to channels This role can be assigned by an Organization Administrator through the Users tab of the RHN website Red Hat Update Agent The Red Hat Update Agent is the Red Hat Network client application up2date that allows users to retrieve and install new or updated packages for the client system on which the application i...

Страница 8: ...re connected via the LAN and are limited only by the speed of the local network Authentication is done in the following order 1 The client performs a login action at the beginning of a client session This login is passed through one or more RHN Proxy Servers until it reaches a Red Hat Network Server 2 The Red Hat Network Server attempts to authenticate the client If authentication is successful th...

Страница 9: ...ecause they contain crucial RPM information such as software de pendencies that allows RHN to automate package installation The actual custom RPM packages are stored on the RHN Proxy Server and sent to the client systems from inside the organization s local area network Configuring a computer network to use RHN Proxy Servers is straightforward The Red Hat Network applications on the client systems...

Страница 10: ...6 Chapter 1 Introduction ...

Страница 11: ...Enterprise Linux AS 4 These are the only supported base operating systems for Proxies serving Monitoring entitled systems Each version of Red Hat Enterprise Linux AS requires a certain package set to support RHN Proxy Server Anything more can cause errors during installation Therefore Red Hat recommends obtaining the desired package set in the following ways Note For kickstarting either Red Hat En...

Страница 12: ...Server Configuration of the system to accept remote commands and configuration management through Red Hat Network Refer to Section 4 2 RHN Proxy Server Installation Process for instructions 2 2 Hardware Requirements The following hardware configuration is required for the RHN Proxy Server Pentium III processor 1 26GHz 512K cache or equivalent 512 MB of memory 3 GB storage for base install of Red H...

Страница 13: ...nections on port 5222 Synchronized System Times There is great time sensitivity when connecting to a Web server running SSL Se cure Sockets Layer it is imperative the time settings on the clients and server are reasonably close together so the that SSL certificate does not expire before or during use It is recommended that Network Time Protocol NTP be used to synchronize the clocks Fully Qualified...

Страница 14: ...nally you should have the following technical documents in hand for use in roughly this order 1 The RHN Proxy Server Installation Guide This guide which you are now reading provides the essential steps necessary to get an RHN Proxy Server up and running 2 The RHN Client Configuration Guide This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server ...

Страница 15: ...N Proxy Servers being used in the customer environment The rest of this chapter describes possible configurations and explains their benefits 3 1 Single Proxy Topology The simplest configuration is to use a single RHN Proxy Server to serve your entire net work This configuration is adequate to service a small group of clients and a network that would benefit from caching Red Hat RPMs and storing c...

Страница 16: ...ituation can be addressed in one of two ways The rsync file transfer program can be used to synchronize packages between the Prox ies A Network File System NFS share can be established between the Proxies and the custom channel repository Either of these solutions will allow any client of any RHN Proxy Servers to have all custom packages delivered to them Figure 3 2 Multiple Proxy Horizontally Tie...

Страница 17: ...nnels and packages must be placed on the primary Proxy only to ensure distribution to the child Proxies Finally the configuration files of the secondary Proxies must point to the primary instead of directly at Red Hat Network Figure 3 3 Multiple Proxy Vertically Tiered Topology 3 4 Proxies with RHN Satellite Server In addition to the methods described in detail within this chapter customers also h...

Страница 18: ...14 Chapter 3 Example Topologies described in the RHN Client Configuration Guide To find out how channels and packages are shared between them refer to the RHN Channel Management Guide ...

Страница 19: ... Red Hat packages is var spool squid while custom packages are located in var spool rhn proxy Install the packages required by RHN Proxy Server and only those packages Note You must install only the base packages as others will cause the RHN Proxy Server installation to fail Refer to Section 2 1 Software Requirements for the method to obtain the correct package group needed for each version of Red...

Страница 20: ...to the tools channel and then click the Change Subscriptions button to confirm your choice 4 Install all of the rhncfg packages by first navigating to the System System De tails Software Packages Install subtab Next search for rhncfg using the Filter by Package Name text search box In the resulting list select all of the packages and install them 5 If you will be enabling secure sockets layer SSL ...

Страница 21: ...ed these files and want to preserve them they are rotated in place and can be retrieved after installation Figure 4 1 System Details Proxy 9 In the System Details Details Proxy subtab the pulldown menu should in dicate your ability to activate the system as an RHN Proxy Server Ensure that the correct version is selected and click the Activate Proxy button The Welcome page of the installation appea...

Страница 22: ...nstallation Figure 4 2 Welcome 10 In the Welcome page you will find notification of any requirements not met by the system When the system is ready a continue link appears Click it to go to the Terms Conditions page ...

Страница 23: ...ions page click the terms and conditions link to view the licensing agreement of the RHN Proxy Server When satisfied click the I agree link You must agree in order to continue with the installation For Proxies that register to a Satellite the Enable Monitoring page appears next ...

Страница 24: ...nitor systems served by it For this to take place the RHN Proxy Server must meet the requirements identified in Chapter 2 Requirements and must be connected to an RHN Satellite Server or another Proxy connected to a Satellite To enable monitoring on the Proxy select the checkbox and click continue The Configure RHN Proxy Server page appears ...

Страница 25: ...ator enter a comma separated list of email addresses The RHN Proxy Hostname is the fully qualified domain name FQDN of the RHN Proxy Server The RHN Parent Server is the domain name of the server serving the Proxy either the central RHN servers another RHN Proxy Server or an RHN Satellite Server To connect to the central RHN servers include the value xmlrpc rhn redhat com To connect to a Satellite ...

Страница 26: ... or RHN Proxy Server that has SSL enabled Connection to the central RHN Servers requires upload of the certificate tar file mentioned earlier Connection to a Satellite or another Proxy through SSL requires the CA certificate password used in enabling SSL on the parent system If you choose not to enable SSL during installation leave this box unchecked and refer to the SSL Certificates chapter of th...

Страница 27: ...the parent server The remaining fields may match the parent server s values but can differ depending on the role of the RHN Proxy Server for instance reflecting a different geographic location Similarly the email address may be the same one provided earlier for the Proxy administrator but may instead be directed to a particular certificate administrator Certificate expi ration is configurable As a...

Страница 28: ... the hostname and IP address of the parent server connected to by the RHN Proxy Server This must be either an RHN Satellite Server or another Proxy which is in turn connected to a Satellite You cannot achieve Monitoring through the central RHN Servers When finished click continue The Install Progress page appears ...

Страница 29: ...ted Like the earlier package installs you can immediately trigger these steps by running the rhn_check command in a terminal on the system as root When finished the In stall Progress page will display the message The installation is complete You may now begin registering systems to be served by the RHN Proxy Server Refer to the RHN Client Configuration Guide 17 When all items on the Install Progre...

Страница 30: ...26 Chapter 4 Installation Figure 4 9 Install Complete ...

Страница 31: ... Server a private channel is needed to store them Perform the following steps to create a private channel 1 Log in to the RHN Web interface at https rhn redhat com 2 Click Channels on the top navigation bar If the Manage Channels option is not present in the left navigation bar ensure that this user has channel editing permissions set Do this through the Users category accessible through the top n...

Страница 32: ...list of packages from standard input using stdin To upload the package headers for the source RPMs rhn_package_manager c label_of_private_channel source pkg list If you have more than one channel specified using c or channel the uploaded pack age headers will be linked to all the channels listed Note If a channel name is not specified the packages are not added to any channel The packages can then...

Страница 33: ...ges from directory DIR cCHANNEL channel CHANNEL Manage this channel may be present multiple times nNUMBER count NUMBER Process this number of headers per call the default is 32 l list List each package name version number release number and architecture in the specified channel s s sync Check if local directory is in sync with the server p printconf Print the current configuration and exit XPATTER...

Страница 34: ...e pushed no ssl Not recommended Turn off SSL usage Briefly describe the options copyonly Copies the file listed in the argument into the specified channel Useful when a channel on the proxy is missing a package and you don t want to reimport all of the packages in the channel E g rhn_package_manager cCHANNEL copyonly PATH TO MISSING FILE h help Display the help screen with a list of options Table ...

Страница 35: ... rhn proxy start service rhn proxy stop service rhn proxy restart service rhn proxy status Use the rhn proxy service to shut down and bring up the entire RHN Proxy Server and retrieve status messages from all of its services at once 6 2 Log Files Virtually every troubleshooting step should start with a look at the associated log file or files These files provide invaluable information about the ac...

Страница 36: ...file logs all connections to the Squid server 3 The Red Hat Update Agent on the client systems does not connect through the RHN Proxy Server How can I resolve this error Make sure that the latest version of the Red Hat Update Agent is installed on the client systems The latest version contains features necessary to connect through an RHN Proxy Server The latest version can be obtained through the ...

Страница 37: ...rrect email addresses have been set for traceback_mail in etc rhn rhn conf 6 5 Host Not Found Could Not Determine FQDN Because RHN configuration files rely exclusively on fully qualified domain names FQDN it is imperative that key applications are able to resolve the name of the RHN Proxy Server into an IP address Red Hat Update Agent Red Hat Network Registration Client and the Apache HTTP Server ...

Страница 38: ...RHN Proxy Server and the corresponding rhn org trusted ssl cert noarch rpm or raw CA SSL public client certificate is installed on all client systems Verify the client systems are configured to use the appropriate certificate If using one or more RHN Proxy Servers ensure each Proxy s SSL certificate is prepared correctly If using the RHN Proxy Server in conjunction with an RHN Satellite Server the...

Страница 39: ...he internal caching mechanism used for authentication by the Proxy may also need its cache cleared To do this issue the following command rm fv var cache rhn Although the RHN Authentication Daemon was deprecated with the release of RHN Proxy Server 3 2 2 and replaced with the aforementioned internal authentication caching mech anism the daemon may still be running on your Proxy To turn it off issu...

Страница 40: ...s command rhn proxy debug To use this tool simply issue that command as root You will see the pieces of information collected and a single tarball created like so root rhel 4 root rhn proxy debug Collecting and packaging relevant diagnostic information Warning this may take some time copying configuration information copying logs querying RPM database versioning of RHN Proxy etc get diskspace avai...

Страница 41: ... to 0 to turn off SSL between the Proxy and the upstream server temporarily Note that this greatly compromises security Return the setting to its default value of 1 to re enable SSL or simply remove the line from the configuration file Automatically generated RHN Management Proxy Server configuration file SSL CA certificate location proxy ca_chain usr share rhn RHNS CA CERT Corporate HTTP proxy fo...

Страница 42: ...38 Appendix A Sample RHN Proxy Server Configuration File ...

Страница 43: ...ements 8 host now found error could not determine FQDN 33 how it works 3 HTTP Proxy Caching Server disk space requirements 8 I inbound ports satellite 5222 9 installation base 15 of RHN Proxy Server 16 L log files 31 O Organization Administrator 3 outbound ports 80 443 9 P port 443 9 5222 9 80 9 private channel 27 Q questions and answers 32 R Red Hat Network introduction 1 Red Hat Update Agent 3 3...

Страница 44: ...erify local package list 28 rhn proxy service 31 rhn conf sample file 37 rhn_package_manager 28 see RHN Package Manager S satellite debug 36 software requirements 7 squid caching 35 T terms to understand 3 topologies 11 multiple proxies horizontally tiered 12 multiple proxies vertically tiered 12 proxies with RHN Satellite Server 13 single proxy 11 traceback 3 troubleshooting 31 ...

Отзывы: