Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States
and other countries.
All other trademarks referencedherein are the property of their respective owners.
The GPG fingerprint of the security@redhat.comkey is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
This best practices guide is intended to help customers of RHN Satellite Server and RHN
Proxy Server configure their client systems more easily.
By default, all Red Hat Network client applications are configured to communicate with
central Red Hat Network Servers. When connecting clients to RHN Satellite Server or
RHN Proxy Server instead, many of these settings must be altered. Altering client settings
for a system or two may be relatively simple. A large enterprise environment, containing
hundreds or thousands of systems, will likely benefit from the mass reconfiguration steps
described here.
Due to the complexity of this undertaking, customers may utilize a pre-populated script
that automates many of the tasks necessary to access their Satellite or Proxy server; refer
to Chapter 5 Using RHN Bootstrap for details. Red Hat believes that understanding the
implications fo these changes is helpful and therefore describes the manual steps for reconfiguration in the opening chapters. Use your best judgement in determining the ideal
solution for your organization.
Although many of the commands provided within this guide can be applied as they appear, it is impossible to predict all potential network configurations adopted by customers.
Therefore, Red Hat encourages you to use these commands as references that must take
into account your organization’s individual settings.
Note
Unix client configuration information may be found in the RHN 4.0 Reference Guide in the
Unix Support chapter.
2Chapter 1. Introduction
Chapter 2.
Client Applications
In order to utilize most enterprise-class features of Red Hat Network, such as registering
with a RHN Satellite, configuration of the latest client applications is required. Obtaining
these applications before the client has registered with Red Hat Network can be difficult.
This paradox is especially problematic for customers migrating large numbers of older
systems to Red Hat Network. This chapter identifies techniques to resolve this dilemma.
Important
Red Hat strongly recommends that clients connected to a RHN Proxy Server or RHN
Satellite Server be running the latest update of Red Hat Enterprise Linux to ensure proper
connectivity.
2.1. Deploying the Latest Red Hat Network Client RPMs
Red Hat Update Agent (up2date) and Red Hat Network Registration Client
(rhn_register) are prerequisites for using much of Red Hat Network’s enterprise
functionality. It is crucial to install them on client systems before attempting to use RHN
Proxy Server or RHN Satellite Server in your environment.
There are several sensible approaches to accomplish this update of the RHN client software. One of which involves storing the RPMs in a location that is accessible by all client
systems and deploying the packages with the simplest command possible. In nearly all
cases, a manual deployment of up2date and rhn_register (if RHEL 2.1) do not need
to be performed. Those client tools should have no issues connecting to your RHN Satellite
or Proxy environment. These discussion below assumes that the "out of box" up2date and
rhn_register are not the latest and do not work for your environment.
Remember, only systems running Red Hat Enterprise Linux 2.1 must use the Red Hat
Network Registration Client to register with RHN. Systems running Red Hat EnterpriseLinux 3 and later can use the registration functionality built into the Red Hat Update
Agent.
This document presumes that the customer has installed at least one RHN Satellite Server
and/or RHN Proxy Server on their network. The example below demonstrates a simple approach of deploying up2date and rhn_register for the first time by an administrator assuming the machines don’t already have a working RHN. The administrator has populated
the /var/www/html/pub/ directory with a copy of the up2date and rhn_register
(for RHEL 2.1 systems) RPMs that his client systems need, and then has simply deployed
4Chapter 2. Client Applications
those RPMs onto his client systems with a simple rpm -Uvh command. Run from a client,
this command installs the RPMs to that client, assuming the domain name, paths, and RPM
versions are correct:
Note the inclusion of the associated gnome RPMs. Keep in mind, the architecture (in this
case, i386) may need to be altered depending on the systems to be served.
2.2. Configuring the Client Applications
Not every customer must connect securely to a RHN Satellite Server or RHN Proxy Server
within their organization. Not every customer needs to build and deploy a GPG key for custom packages. (Both of these topics are explained in detail later.) Every customer who uses
RHN Satellite Server or RHN Proxy Server must reconfigure the Red Hat Update Agent
(up2date) and possibly the Red Hat Network Registration Client (rhn_register) to
redirect it from Red Hat Network to their RHN Satellite Server or RHN Proxy Server.
Important
Although this is not configurable, note that the port used by the Red Hat Update Agent
is 443 for SSL (HTTPS) and 80 for non-SSL (HTTP). By default, up2date uses SSL
only. For this reason, users should ensure that their firewalls allow connections over
port 443. To bypass SSL, change the protocol for serverURL from https to http in
/etc/sysconfig/rhn/up2date. Similarly, to use RHN’s Monitoring feature and probes
requiring the Red Hat Network Monitoring Daemon, note that client systems must allow
connections on port 4545 (or port 22, if using sshd instead).
By default, the Red Hat Network Registration Client and the Red Hat Update Agent
refer to the main Red Hat Network Servers. Users must reconfigure client systems to refer
to their RHN Satellite Server or RHN Proxy Server.
Note that the latest versions of the Red Hat Update Agent can be configured to accommodate several RHN Servers, thereby providing failover protection in case the primary server
is inaccessible. Refer to Section 2.2.4 Implementing Server Failover for instructions on enabling this feature.
The next sections describe three methods of configuring the client systems to access
your RHN Satellite Server or RHN Proxy Server: using an Activation Key, up2date
Chapter 2. Client Applications5
--configure, and manually updating the configuration files.( To see how virtually all
reconfiguration can be scripted, see Chapter 6 Manually Scripting the Configuration.)
2.2.1. Registering with Activation Keys
Red Hat recommends using activation keys for registering and configuring client systems
that access RHN Proxy Server or RHN Satellite Server. Activation keys can be used to
register, entitle, and subscribe systems in a batch. Refer to the Activation Keys section of
the Red Hat Update Agent chapter within the RHN Management Reference Guide for
instructions on use.
Registering with an activation key has four basic steps:
1. Generate an Activation Key as described in the Activation Keys section of the RedHat Update Agent chapter within the RHN Management Reference Guide
2. Import custom GPG keys.
3. Download and install the SSL Certificate RPM from the /pub/ directory of the RHN
Proxy Server or RHN Satellite Server. The command for this step could look something like this:
The bootstrap script, generated at installation and available for both RHN Satellite Server
and RHN Proxy Server, is such a script. The script and the RHN Bootstrap that generates
it are discussed in detail in Chapter 5 Using RHN Bootstrap.
Warning
Systems running Red Hat Enterprise Linux 2.1 and versions of Red Hat Linux prior to 8.0
may experience problems using Activation Keys to migrate SSL certificate settings from
rhn_register to up2date. Therefore, the SSL certificate information on those systems
must be set manually. All other settings, such as the server URL, transfer properly.
6Chapter 2. Client Applications
2.2.2. Using the --configure Option
Both the Red Hat Network Registration Client and the Red Hat Update Agent that ship
with Red Hat Enterprise Linux provide interfaces for configuring various settings. For full
listings of these settings, refer to the chapters dedicated to the applications in the RHNManagement Reference Guide.
Each application offers a graphical user interface (GUI) for configuration that enables you
to change the settings required by RHN Proxy Server or RHN Satellite Server. The GUI
requires that the client system run the X Window System. The command to launch the GUI
configuration interface will look like:
application_filename --configure
To reconfigure the Red Hat Update Agent, issue the following command as root:
up2date --configure
You are presented with a dialog box offering various settings that may be
reconfigured.IntheGeneraltab,underSelect a Red Hat Network
Server to use replace the default value with the fully qualified domain
name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as
https://your_proxy_or_sat.your_domain.com/XMLRPC.Retainthe
/XMLRPC at the end. When finished, click OK.
Chapter 2. Client Applications7
Figure 2-1. Red Hat Update Agent GUI Configuration
Make sure you enter the domain name of your RHN Satellite Server or RHN
Proxy Server correctly. Entering an incorrect domain or leaving the field blank
may prevent up2date --configure from launching. This may be resolved,
however, by editing the value in the up2date configuration file. Refer to
Section 2.2.3 Updating the Configuration Files Manually for precise instructions.
Warning
Systems running Red Hat Enterprise Linux 3 or newer have registration functionality built
into the Red Hat Update Agent and therefore do not install the Red Hat Network Regis-tration Client. Systems running Red Hat Enterprise Linux 2.1 (and versions of Red Hat
Linux prior to 8.0) must reconfigure and use the Red Hat Network Registration Client,
as well as the Red Hat Update Agent.
To reconfigure the Red Hat Network Registration Client, perform an almost identical set
of steps. As root, run the following command:
8Chapter 2. Client Applications
/usr/bin/rhn_register --configure
You are presented with a dialog box offering basic settings that may be reconfigured.
Under Select a Red Hat Network server to use replace the default value with
the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy
Server, such as https://your_proxy_or_sat.your_domain.com/XMLRPC.
Retain the /XMLRPC at the end. Click OK when finished.
Figure 2-2. Red Hat Network Registration Client GUI Configuration
If your version of rhn_register does not display the server field, and you cannot
upgrade to a later version, you may enter the domain name of your RHN Satellite Server
or RHN Proxy Server directly into the rhn_register configuration file. Refer to
Section 2.2.3 Updating the Configuration Files Manually for precise instructions.
2.2.3. Updating the Configuration Files Manually
As an alternative to the GUI interface described in the previous section, users may also
reconfigure the Red Hat Network Registration Client and the Red Hat Update Agent
by editing the applications’ configuration files.
To configure Red Hat Update Agent on the client systems connecting to the RHN Proxy
Server or RHN Satellite Server, edit the values of the serverURL and noSSLServerURL
Chapter 2. Client Applications9
settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Replace the
default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN
Proxy Server or RHN Satellite Server. For example:
serverURL[comment]=Remote server URL
serverURL=https://your_primary.your_domain .com/XMLRPC
noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerhttp://your_primary.your_domain .com/XMLRPC
Warning
The httpProxy setting in /etc/sysconfig/rhn/up2 date does not refer to the RHN
Proxy Server. It is used to configure an optional HTTP proxy for the client. With an RHN
Proxy Server in place, the httpProxy setting must be blank (not set to any value).
Skip this section if you are running Red Hat Enterprise Linux 3 or later on the client system.
Note
You must use version 2.7.11 or higher of rhn_register on client systems so they can
recognize new cer tificates. This RPM should be available in /var/spool/up2date on
your proxy system after running up2date for the Proxy.
To configure the Red Hat Network Registration Client on the client systems connecting
to the RHN Proxy Server or RHN Satellite Server, edit the values of the serverURL and
noSSLServerURL options in the /etc/sysconfig/rhn/rhn_register configuration
file (as root). Replace the default Red Hat Network URL with the fully qualified domain
name (FQDN) for the RHN Proxy Server or RHN Satellite Server. For example:
serverURL[comment]=Remote server URL
serverURL=https://your_proxy_or_sat.your_d omain.com/XMLRPC
noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerURL=http://your_proxy_or_sat.yo ur_domain.com/XMLRPC
10Chapter 2. Client Applications
2.2.4. Implementing Server Failover
Beginning with up2date-4.2.38, the Red Hat Update Agent can be configured to seek
updates from a series of RHN Servers. This can be especially helpful in sustaining constant
updates if your primary RHN Proxy Server or RHN Satellite Server may be taken offline.
To use this feature, first ensure that you are running the required version of up2date. Then
manually add the secondary servers to the serverURL and noSSLServerURL settings in
the /etc/sysconfig/rhn/up2date configuration file (as root). Add the fully qualified
domain names (FQDN) for the Proxy or Satellite immediately after the primary server,
separated by a semicolon (;). For example:
serverURL[comment]=Remote server URL
serverURL=https://your_primary.your_domain .com/XMLRPC; \
https://your_secondary.your_domain.com/XML RPC;
noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerhttp://your_primary.your_domain .com/XMLRPC; \
https://your_secondary.your_domain.com/XML RPC;
Connection to the servers is attempted in the order provided here. You can include as many
servers as you wish. You may list the central RHN Servers, as well. This makes sense,
however, only if the client systems can reach the Internet.
2.3. Configuring the Red Hat Network Alert Notification
Tool with Satellite
The Red Hat Network Alert Notification Tool, the round icon in the panel of your Red
Hat desktop, can be configured on systems running Red Hat Enterprise Linux 3 or later
to recognize updates available from custom channels on your RHN Satellite Server. You
must ensure the RHN Satellite Server is configured to support this feature. (RHN Proxy
Server supports the applet without modification of client or server.) The steps to configure
the Red Hat Network Alert Notification Tool are as follows:
1. Ensure that your RHN Satellite Server is version 3.4 or later and that you have the
rhns-applet package installed on the Satellite. The package can be found in the
RHN Satellite software channel for versions 3.4 and newer.
2. Retrieve the rhn-applet-actions package with up2date or through the Red Hat
Network Tools software channel. Install the package on all Red Hat Enterprise Linux
3 and newer client systems to be notified of custom updates with the Red Hat Net-work Alert Notification Tool. The client systems must be entitled to the Management or Provisioning service levels.
Chapter 2. Client Applications11
3. Within the Satellite’s version of the RHN website, go to the System Details page for
each system and click the link within the RHN Applet area to redirect the Red HatNetwork Alert Notification Tool to the Satellite.
The next time the applet is started, it will apply its new configuration and connect to the
RHN Satellite Server for updates.
Loading...
+ 33 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.