Red Hat NETWORK SATELLITE SERVER 4.1.0 Скачать руководство пользователя

Страница: 72 / 80

Chapter 8. Maintenance

This opens the crontab in a text editor, by default Vi. Another editor can be used by first

changing the

EDITOR

variable, like so:

export EDITOR=gedit

Once opened, use the first five fields (minute, hour, day, month, and weekday) to sched-

ule the synchronization. Remember, hours use military time. Edit the crontab to include

random synchronization, like so:

0 1 * * * perl -le ’sleep rand 9000’ && satellite-sync --email >/dev/null \

2>/dev/null

This particular job will run randomly between 1:00 a.m. and 3:30 a.m. system time each

night and redirect

stdout

and

stderr

from

cron

to prevent duplicating the more easily

read message from

satellite-sync

. Options other than

--email

can also be included.

Refer to Table 6-2 for the full list of options. Once you exit from the editor, the modified

crontab is installed immediately.

8.9. Implementing PAM Authentication

As security measures become increasingly complex, administrators must be given tools

that simplify their management. For this reason, RHN Satellite Server supports network-

based authentication systems via Pluggable Authentication Modules (PAM). PAM is a suite

of libraries that helps system administrators integrate the Satellite with a centralized au-

thentication mechanism, thus eliminating the need for remembering multiple passwords.
RHN Satellite Server supports LDAP, Kerberos, and other network-based authentication

systems via PAM. To enable the Satellite to use PAM and your organization’s authentica-

tion infrastructure, complete the following tasks.
Set up a PAM service file (usually

/etc/pam.d/rhn-satellite

) and have the Satellite

use it by adding the following line to

/etc/rhn/rhn.conf

pam_auth_service = rhn-satellite

This assumes the PAM service file is named

rhn-satellite

To enable a user to authenticate against PAM, select the checkbox labeled

Pluggable Au-

thentication Modules (PAM)

. It is positioned below the password and password confir-

mation fields on the

Create User

page.

As an example, to authenticate against Kerberos one could put the following in

/etc/pam.d/rhn-satellite

#%PAM-1.0

auth

required

/lib/security/pam_env.so

auth

sufficient

/lib/security/pam_krb5.so no_user_check

auth

required

/lib/security/pam_deny.so

account

required

/lib/security/pam_krb5.so no_user_check

Содержание NETWORK SATELLITE SERVER 4.1.0

Страница 1: ...RHN Satellite Server 4 1 0 Installation Guide...

Страница 2: ...ailable at http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the w...

Страница 3: ...ogram 30 4 3 Automated RHN Satellite Server Installation 32 4 4 Sendmail Configuration 32 4 5 MySQL Installation 33 5 Entitlements 35 5 1 Receiving the Certificate 35 5 2 Uploading the RHN Entitlement...

Страница 4: ...Control 59 8 4 1 DB Control Options 59 8 4 2 Backing up the Database 60 8 4 3 Verifying the Backup 61 8 4 4 Restoring the Database 61 8 5 Cloning the Satellite with Embedded DB 62 8 6 Establishing Re...

Страница 5: ...em level support and management of Red Hat systems and networks of systems Red Hat Network brings together the tools services and information repositories needed to maximize the reliability security a...

Страница 6: ...trol clients System Profiles are stored on the local RHN Satellite Server not on the central Red Hat Network Servers Customized updates create a truly automated package delivery system for custom soft...

Страница 7: ...back is a detailed description of what went wrong that is useful for troubleshooting the RHN Satellite Server Tracebacks are automatically generated when a critical error occurs and are mailed to the...

Страница 8: ...may also be installed If the packages are installed the client system sends an updated package profile to the database on the RHN Satellite Server those packages are removed from the list of outdated...

Страница 9: ...tabase Client systems must be configured to use the Satellite Custom pack ages and channels should be created for optimal use Since these tasks extend beyond the basic installation they are covered in...

Страница 10: ...Satellite machine 8 Create the first user account on the Satellite by opening the Satellite s hostname in a Web browser and clicking Create Account This will be the Satellite Administrator s also ref...

Страница 11: ...ed with standard Red Hat channels and packages and all clients are connected to it you may begin creating and serving custom channels and packages Once the custom RPMs are developed you can import the...

Страница 12: ...8 Chapter 1 Introduction...

Страница 13: ...per ating system for the Satellite Warning Security enhanced Linux SELinux must be disabled or in permissive mode prior to in stallation of RHN Satellite Server To do this during CD or ISO image insta...

Страница 14: ...owing hardware configuration is required for the two types of RHN Satellite Server Stand Alone Database Embedded Database Required Pentium IV processor 2 4GHz 512K cache or equivalent Required Pentium...

Страница 15: ...minutes as set in the etc sysconfig rhn rhnsd configuration file of the client systems significantly increases the load on those components Additional hardware requirements include The Stand Alone Dat...

Страница 16: ...ncluded in this formula Keep in mind the database storage needs may grow rapidly depending upon the variance of the following factors The number of public Red Hat packages imported typical 5000 The nu...

Страница 17: ...from the In ternet However it must be able to issue outbound connections to rhn redhat com xml rpc rhn redhat com and satellite rhn redhat com on ports 80 and 443 Also if Monitoring is enabled on your...

Страница 18: ...nd database connection which also requires a SID or net service name Red Hat strongly recommends this information be copied onto two separate floppy disks printed out on paper and stored in a fireproo...

Страница 19: ...ssential steps necessary to get an RHN Satellite Server up and running 2 The RHN Client Configuration Guide This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN...

Страница 20: ...16 Chapter 2 Requirements...

Страница 21: ...ver The number of RHN Satellite Servers being used in the customer environment The number of RHN Proxy Servers being used in the customer environment The rest of this chapter describes possible config...

Страница 22: ...ing multiple RHN Satellite Servers in a horizontally tiered configuration and balancing the load of client requests It is possible to synchronize content between RHN Satellites using the rhn satellite...

Страница 23: ...ages created locally In essence the Proxies act as clients of the Satellite This vertically tiered configuration requires that channels and RPMs be created only on the RHN Satellite Server In this man...

Страница 24: ...20 Chapter 3 Example Topologies Figure 3 3 Satellite Proxy Vertically Tiered Topology...

Страница 25: ...atabase itself is built in rhnsat Refer to Section 2 2 Hardware Requirements for precise specifications Enable Network Time Protocol NTP on the Satellite and separate database if it exists and select...

Страница 26: ...stall pl This script has several options to assist with your installation process To view these options enter the following command install pl help 6 The script first runs through a pre requisite chec...

Страница 27: ...ellite is configured Setting up environment and users 12 In order to activate the Satellite you must provide it with the location of your Satellite certificate Activating Satellite Where is your satel...

Страница 28: ...f your Satellite via a web browser Create the satellite administrator account also referred to as the Organiza tion Administrator and click the Create Login button to move to the next screen the Your...

Страница 29: ...n 25 Figure 4 2 Final Configuration Prompt 17 The Satellite Configuration General Configuration page allows you to alter the most basic Satellite settings such as the admin email address and whether M...

Страница 30: ...n are used to mail monitoring notification messages to administration This is required only if you intend to receive alert notifications from probes If you do provide the mail server exchanger and dom...

Страница 31: ...the file and select it To input its contents open your certificate in a text editor copy all lines and paste them directly into the large text field at the bottom Red Hat recommends using the file lo...

Страница 32: ...central RHN Servers The required fields are pre populated with values derived from previous installation steps Ensure this information is accurate Checkboxes offer options for including built in secu...

Страница 33: ...rap 21 The RHN Satellite Configuration Restart page contains the final step in con figuring the Satellite Click the Restart button to restart the Satellite in order to incorporate all of the configura...

Страница 34: ...30 Chapter 4 Installation Figure 4 7 Restart 22 Once the Satellite has restarted the countdown notice disappears You are now free to begin using your Satellite Figure 4 8 Restart Complete...

Страница 35: ...e and re create empty Satellite schema skip system version test Do not test the Red Hat Enterprise Linux version before installing skip selinux test Do not check to make sure SELINUX is disabled RHN S...

Страница 36: ...s desired options 4 Once the answer file is ready use the answer file option when starting the installation process from the command line install pl answer file tmp answers txt The RHN Satellite Serve...

Страница 37: ...cf package up2date sendmail cf Note disconnected installs must obtain this package from the ISO Restart sendmail service sendmail restart 4 5 MySQL Installation This sections is applicable only if you...

Страница 38: ...34 Chapter 4 Installation...

Страница 39: ...e by customers who have received a new RHN Entitlement Certificate such as one reflecting an increase in the number of entitlements 5 1 Receiving the Certificate The RHN Entitlement Certificate is an...

Страница 40: ...this 1 Log into https rhn redhat com with your organization s Satellite entitled account 2 Click Systems in the top navigation bar and then the name of the RHN Satellite Server You may also find the S...

Страница 41: ...th a list of options sanity only Confirm certificate sanity Does not activate the Satellite locally or remotely disconnected Activates locally but not on remote RHN Servers rhn cert PATH TO CERT Uploa...

Страница 42: ...he tool and these options To validate an RHN Entitlement Certificate s sanity only rhn satellite activate sanity only rhn cert path to demo cert To validate an RHN Entitlement Certificate and populate...

Страница 43: ...the user with the d option Once that directory has been transported to another Satellite the RHN Satellite Synchronization Tool may be used to import the contents synchronizing two Satellites 6 1 1 rh...

Страница 44: ...e rhn satellite exporter command Option Description d dir Place the exported information into this directory cCHANNEL_LABEL channel CHANNEL_LABEL Process data for this specific channel specified by la...

Страница 45: ...ed channels 6 1 2 1 Running the Export First be sure to configure the Satellite in the manner that you would either like to duplicate in another Satellite or back up to a storage solution Second selec...

Страница 46: ...sed environment imports can get their data from downloaded ISOs or from the XML data generated by RHN Satellite Exporter The RHN Satellite Synchronization Tool works incrementally or in steps For it t...

Страница 47: ...ls and exit c channel CHANNEL_LABEL Process data for this channel only Multiple channels can be included by repeating the option If no channels are specified all channels on the Satellite will be fres...

Страница 48: ...ificate by including the full path and filename systemid SYSTEM_ID For debugging only Include path to alternative digital system ID systemid SYSTEM_ID For debugging only Include path to alternative di...

Страница 49: ...ns on the page to obtain the Channel Content ISOs available by version of Red Hat Enterprise Linux If the desired Channel Content ISOs do not appear ensure your RHN Entitlement Certificate has been up...

Страница 50: ...or by mounting the data from another machine using NFS It is perhaps easiest to copy the data into the new directory with a command such as the following scp r root storage example com var sat backup...

Страница 51: ...a describing the channel Individually use the step channels option 3 Moving the RPM packages from the temporary repository into their final location Individually use the step rpms option 4 Parsing the...

Страница 52: ...ote All analysis is performed on the RHN Satellite Server the central RHN Servers deliver only an export of its channel information and remain ignorant of any details regarding the RHN Satellite Serve...

Страница 53: ...g Channel Content ISOs for instructions on downloading the ISOs For ease of import we recommend that the data be copied from media directly into a common repository through a command such as the follo...

Страница 54: ...50 Chapter 6 Importing and Synchronizing...

Страница 55: ...provide invaluable information about the activity that has taken place on the device or within the application that can be used to monitor performance and ensure proper configuration See Table 7 1 fo...

Страница 56: ...n to log files you can obtain valuable information by retrieving the status of your RHN Satellite Server and its various components This can be done with the command service rhn satellite status In ad...

Страница 57: ...log files may be at fault Stop the jabberd daemon before removing these files To do so issue the following commands as root service jabberd stop cd var lib jabberd rm f _db service jabberd start 7 3...

Страница 58: ...is the result of a Satellite being installed on a machine whose time had been improperly set During the Satellite installation process SSL certificates are created with inaccurate times If the Satel l...

Страница 59: ...ill serve in both capacities Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for specific instructions Make sure client systems are not using firewalls of their own blockin...

Страница 60: ...ebug tar bz2 removing temporary debug tree Debug dump created stored in tmp satellite debug tar bz2 Deliver the generated tarball to your RHN contact or support channel Once finished email the new fil...

Страница 61: ...lite restart service rhn satellite status Use the rhn satellite service to shut down and bring up the entire RHN Satellite Server and retrieve status messages from all of its services at once 8 2 Upda...

Страница 62: ...increase its number of client systems refer to Chapter 5 Entitlements for instructions 8 3 Backing Up the Satellite Backing up an RHN Satellite Server can be done in several ways Regardless of the met...

Страница 63: ...istration and SSL certificate generation sections The final and most comprehensive method would be to back up the entire machine This would save time in downloading and reinstalling but would require...

Страница 64: ...database stop command as root tablesizes Show space report for each table verify DIRNAME Verifies the contents of the backup kept in DIRNAME This command checks the md5sums of each of the files kept...

Страница 65: ...a quick check of the backup s timestamp and determine any missing files issue this command as oracle db control examine DIRNAME To conduct a more thorough review including checking the md5sum of each...

Страница 66: ...hange DNS to point to the new machine or configure your load balancer appropri ately 8 6 Establishing Redundant Satellites with Stand Alone DB In keeping with the cloning option available to Satellite...

Страница 67: ...ficate on client systems 5 If you did not create a new bootstrap script copy the contents of var www html pub bootstrap from the primary Satellite to the secondary If you did generate a new one copy t...

Страница 68: ...Tools menu In addition to the standard categories available to all users through the top navigation bar Satellite Organization Administrators also have access to a Tools menu Clicking this opens the R...

Страница 69: ...run the command sbin service taskomatic restart Other service commands can also be used including start stop and status 8 7 1 2 Accessing the String Manager The Tools menu also offers a String Manage...

Страница 70: ...ation Administrator role must be removed from the user s profile before delet ing the user from the RHN Satellite Server Failing to do so causes the delete operation to fail The Organization Administr...

Страница 71: ...ime for Red Hat Network so synchronization at that time may be slow For these reasons Red Hat en courages you to automate synchronization at other times to better balance load and ensure quick synchro...

Страница 72: ...work based authentication systems via Pluggable Authentication Modules PAM PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized au thentication mecha...

Страница 73: ...as described in Section 2 4 Additional Requirements Then you must install the osa dispatcher package which can be found in the RHN Satellite Server software channel for the Satellite within the centr...

Страница 74: ...70 Chapter 8 Maintenance...

Страница 75: ...Hat and custom served by the RHN Satellite mount_point var satellite Corporate gateway hostname PORT server satellite http_proxy corporate_gateway example com 8080 server satellite http_proxy_username...

Страница 76: ...acls RHN Access web default_taskmaster_tasks RHN Task SessionCleanup RHN Task ErrataQueue RHN Task ErrataEngine RHN Task DailySummary RHN Task SummaryPopulation RHN Task RHNProc RHN Task PackageCleanu...

Страница 77: ...ion opt 21 db control options 59 db control use 59 disable services ntsysv chkconfig 15 E embedded database default location rhnsat 21 enabling push to clients 69 entitlement certificate 14 21 F firew...

Страница 78: ...1 Red Hat Update Agent definition 2 redundant satellite 62 requirements 9 additional 13 database 11 hardware 10 software 9 RHN components 3 RHN DB Control backup 60 options 59 restore 61 verify 61 RHN...

Страница 79: ...ng channel data in sync 47 satellite data 39 T terms to understand 2 tool use 63 topologies 17 multiple satellites horizontally tiered 18 satellite and proxies vertically tiered 19 single satellite 17...

Страница 80: ......

Результаты поиска

Содержание NETWORK SATELLITE SERVER 4.1.0

Отзывы:

Похожие инструкции для NETWORK SATELLITE SERVER 4.1.0

Бренды по названию

Популярные бренды

Red Hat NETWORK SATELLITE SERVER 4.1.0, Руководство по установке

Результаты поиска

Содержание NETWORK SATELLITE SERVER 4.1.0

Отзывы:

Похожие инструкции для NETWORK SATELLITE SERVER 4.1.0

Бренды по названию

Популярные бренды