Installation Guide
Configuring, registering, and updating Red Hat Satellite Server
Abstract
Chapter 1. Introduction
1.1. Red Hat Satellite 5
The popular functionality of Satellite 5 includes the ability to provision a large number of systems using kickstart files and activation keys to install and configure systems to a predictable state. This provisioning process associates systems to designated organizations, software and configuration channels, as well as placing systems in predefined system groups. The Satellite 5 provisioning functionality enables administrators to provision thousands of systems in a consistent manner.
Satellite 5 is recognized as a solid platform for managing software and configuration files for a large number of systems. It is also well known for the simplicity and consistency of the provisioning process. The Satellite 5 systems management platform is also well known for delivering the correct versions and updated versions of content to the correct systems in a very structured manner. Administrators can manage the Satellite and systems management processes through the Satellite webUI and also through the Satellite API interfaces.
1.2. System Overview
- Red Hat Satellite Core
- The core system and entry point for Red Hat Update Agent running on client systems. Red Hat Satellite also includes an Apache HTTP Server, which serves XML-RPC requests.
- Red Hat Satellite Web Interface
- A user interface for advanced system, system group, user, and channel management. The organization configures access to the Red Hat Satellite web interface from the local area network and, optionally, the Internet too. Red Hat Satellite provides an interface similar to the Red Hat Network website and allows full control over client systems, system groups, and users.
- Database
- Red Hat Satellite uses one of the following database types:
- Embedded Database - The database comes bundled with Red Hat Satellite and is installed on the same machine as the Satellite during the installation process. The included database is PostgreSQL.
- Managed Database - The database comes bundled with Red Hat Satellite and is installed on a separate machine during the installation process. The included database is PostgreSQL.
- External Database - An organization's existing database or, preferably, a database contained on a separate machine. Red Hat Satellite supports PostgreSQL, Oracle Database 11g (Standard or Enterprise Edition), or Oracle Database 10g Release 2 (Standard or Enterprise Edition) for this database installation type.
- RPM Repository
- Package repository for Red Hat RPM packages and custom RPM packages identified by the organization.
- Management Tools
- The Red Hat Satellite Management Tools synchronize the database and package repository with Red Hat Network. Red Hat Satellite also includes management tools for:
- Database and file system synchronization
- Custom RPM and repository imports
- Channel maintenance (Web-based)
- Errata management (Web-based)
- User management (Web-based)
- Client system and system grouping (Web-based)
- Red Hat Update Agent
- The Red Hat Update Agent operates on client systems to retrieve updates from the organization's internal Red Hat Satellite. System administrators also schedule these actions through the Red Hat Satellite Web Interface.When a client requests updates, the organization's internal Red Hat Satellite queries its database, authenticates the client system, identifies updated packages, and sends the requested RPMs back to the client system. The client also installs these packages if set in preferences. The client system can send an updated package profile to the database on the Red Hat Satellite.
Important
Red Hat strongly recommends that clients connected to Red Hat Satellite be running the latest update of Red Hat Enterprise Linux to ensure proper connectivity. - Red Hat Satellite Proxy Server
- Use Red Hat Satellite in conjunction with Red Hat Satellite Proxy Server to create a distributed, self-contained Satellite environment for the organization. For example, an organization can maintain one Red Hat Satellite in a secure location while systems in proximity connect to it through local network access. Other remote offices would maintain Satellite Proxy Server installations that connect to the Satellite server. The different locations inside the organization require a networked connection, but this can be a private network; an Internet connection is not required for any of the systems. See the Red Hat Satellite Proxy Installation Guide for more information on installing and configuring Satellite Proxies.
Figure 1.1. Using Red Hat Satellite and Red Hat Satellite Proxy Server Together
- Enhanced Entitlements Reporting
- Red Hat Satellite 5 uses channels and system entitlement consumption to manage Red Hat content. Newer entitlement tools that integrate with the Red Hat Customer Portal, such as Red Hat Subscription Asset Manager, use certificate-based entitlements. The rules for these two types of entitlement methods differ.Red Hat Satellite 5.7 also provides an Enhanced Entitlements Reporting technology that integrates with certificate-based entitlement tools. This provides an overview of entitlement consumption from Satellite 5's system management while using newer certificate-based entitlement rules. This allows administrators to:
- Track entitlement consumption at a detailed level.
- Measure consumption based on socket count, host/guest relationships and channel usage
- Capture historical consumption data to enable system administrators to view which entitlements were consumed at a particular time as well as the status of entitlements at specific points in time.
Important
The Enhanced Entitlements Reporting functionality only provides reports on content consumption. It does not manage content consumption.Important
Enhanced Entitlements Reporting is only available for Red Hat Satellite 5.6 and later.
1.3. Terms to Understand
- Channel
- A Channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
- Organization Administrator
- An Organization Administrator is a user role with the highest level of control over an organization's Red Hat Network account. Members of this role can add other users, systems, and system groups to the organization as well as remove them. A Red Hat Network organization must have at least one Organization Administrator.
- Channel Administrator
- A Channel Administrator is a user role with full access to channel management capabilities. Users with this role are capable of creating channels, assigning packages to channels, cloning channels, and deleting channels. This role can be assigned by an Organization Administrator through the Users tab of the Red Hat Network website.
- Certificate Authority
- A Certificate Authority distributes digital signatures to users as part of public key infrastructure for encrypted authentication and communication.
- Traceback
- A Traceback is a detailed error message for troubleshooting the Red Hat Satellite. Red Hat Satellite generates Tracebacks automatically when a critical error occurs and mails the individual(s) designated in the Red Hat Satellite configuration file.
1.4. Summary of Steps
Obtaining Red Hat Satellite
- After an evaluation, contact your Red Hat sales representative to purchase Red Hat Satellite.
- Receive a Red Hat Network Entitlement Certificate and login information for Red Hat Network from your sales representative.
- Log into the Red Hat Customer Portal website (access.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux and Red Hat Satellite. These can be found on the Download Software page under → → .
- (Optional) While still logged into the Customer Portal, download the Channel Content ISOs to be served by your Red Hat Satellite. These are also available through the Download Software page under → → . These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Red Hat Satellite.
Preparing for Red Hat Satellite Installation
- Check the software, hardware, and standard database requirements. See Chapter 2, Requirements for these requirements.
- Create and download an entitlement certificate to activate the Satellite server. See Chapter 3, Entitlement Certificate for these instructions.
Installing Red Hat Satellite
- If installing Red Hat Satellite with an Embedded Database, use the following installation scenario: Section 4.1, “Scenario 1: Installing Satellite with Embedded Database”.
- If installing Red Hat Satellite with an Managed Database, use the following installation scenario: Section 4.2, “Scenario 2: Managed Database Installation”.
- If installing Red Hat Satellite with an External Database, use the following installation scenario: Section 4.3, “Scenario 3: Installing Satellite with External Database”.
Initial Use
- Open Red Hat Satellite's web interface in a web browser and create the first user account. This is the Administrator account (also referred to as the Organization Administrator).
- Finalize Red Hat Satellite with any post-installation steps.
- Use the Red Hat Satellite Synchronization Tool to import the channels and associated packages into the Red Hat Satellite.
Chapter 2. Requirements
2.1. Software Requirements
- Base Operating System
- Red Hat Satellite 5 requires a Red Hat Enterprise Linux 6 operating system with the latest packages from the
@Base
package group and no other package-set modifications, third-party configurations, or software not directly necessary for the operation of the server. This restriction includes hardening or other non-Red Hat security software. If such software is required in your infrastructure, first install and verify a complete working Red Hat Satellite first, then create a backup of the system before adding any non-Red Hat software.Red Hat Satellite 5 also supports installation on Red Hat Enterprise Linux to supported virtualized environments, including:- KVM
- Xen
- VMware
Performance on virtualized environments will not always equal the same performance of physical hardware. Make sure to consider your virtual environment's performance and implement any recommended tuning guidelines.Important
Each purchased Satellite product includes one supported instance of Red Hat Enterprise Linux Server. Install Satellite on a fresh installation of Enterprise Linux where Satellite is the only application and service provided by the OS. Using the Red Hat Enterprise Linux OS included with Satellite to run other daemons, applications, or services within your environment is not supported.Important
Register the base operating system through Red Hat Subscription Manager. - Red Hat Satellite Installation Media
- Red Hat provides the installation media as a disc or ISO. It contains an Red Hat Satellite Installation Script, which installs all packages required for Red Hat Satellite.
Important
The Red Hat Satellite Installation Script installs packages beyond the@Base
package group. The installation script attempts to download and install these packages but prompts you to install the listed packages manually if they are unavailable. In this situation, either:- Install these package from your Red Hat Enterprise Linux installation media, or
- Subscribe the base operating system to the Red Hat Enterprise Linux channel to resolve package dependencies during installation.
The installation ISO lists the packages necessary for installation in therhelrpms
file located in theupdates
directory. - Channel content
- All software packages and data exported for all entitled Red Hat channels. This content is loaded directly on the Red Hat Satellite after installation using the Red Hat Satellite Synchronization Tool.
- Perl Interpreter
- The installation program requires a Perl interpreter. To test if a Perl interpreter is already installed, run the command
perl --version
. If the output includes the textcommand not found
, install a Perl interpreter.# yum install perl
2.2. Hardware Requirements
- Red Hat Satellite with Embedded Database - 1 machine
- Red Hat Satellite with Embedded Database and Enhanced Reporting - 2 machines
- Red Hat Satellite with Managed/External Database - 2 machines
- Red Hat Satellite with Managed/External Database and Enhanced Reporting - 3 machines
2.2.1. x86_64 Hardware Requirements
CPU
- Required: Intel dual-core processor, 2.4GHz, 512K cache or equivalent
- Recommended: Intel quad-core processor, 2.4GHz dual processor, 512K cache or equivalent
Memory
- Required: 4 GB of memory
- Recommended: 8 GB of memory
Storage
- 5 GB storage for base installation
- A minimum of 40 GB storage per software channel (including
Base
and child channels), in/var/satellite/
, configurable at install - A minimum of 10 GB storage for cache files stored within
/var/cache/rhn
. See Section 2.4.5, “Caching” for more information. - Strongly Recommended: A SCSI drive connected to a level 5 RAID
Database
- See Section 2.3.1, “Database Sizing” for standard database requirements.
- Embedded Database: A minimum of 12 GB storage for the database repository in the
/opt/rh/postgresql92/root/var/lib/pgsql/
partition on the Satellite host. This partition must be local storage only.Important
Due to an updated version of the PostgreSQL Embedded Database, the database location has changed from/var/lib/pgsql
in Red Hat Satellite 5.6 to/opt/rh/postgresql92/root/var/lib/pgsql
in Red Hat Satellite 5.7. Make sure to allocate enough hard disk space to this location. - Managed Database: A minimum of 12 GB storage for the database repository in the
/opt/rh/postgresql92/root/var/lib/pgsql/
partition on the Managed Database host. This partition must be local storage only. The instructions for installing this database are a part of the Managed Database installation scenario . - External Database: See Section 4.3.1, “External Database Requirements”.
Backup
- A separate partition (or better, a separate set of physical disks) for storing backups, which can be any directory specifiable at backup time
- An external SAN for more reliable backups
2.2.2. s/390x Hardware Requirements
CPU
- Required: 1 IFL, either in LPAR configuration or shared through z/VM
- Recommended: 2 or more IFLs on z9 or earlier, 1 or more IFL on z10
Memory
- Required: 4 GB of memory
- Recommended: 8 GB of memory
Storage
- Required:
- 1 GB swap on ECKD DASD
- 1xMod3 ECKD DASD or ≥ 2 GB FCP SCSI LUN for base installation
- A minimum of 40 GB storage per software channel (including
Base
and child channels), in/var/satellite/
, configurable at install - A minimum of 10 GB storage for cache files stored within
/var/cache/rhn
. See Section 2.4.5, “Caching” for more information.
- Recommended:
- 512 MB swap on VDISK + 1 GB swap on ECKD DASD
- 1xMod9 ECKD DASD or ≥ 2 GB multipathed FCP SCSI LUN for base installation
- A minimum of 40 GB storage per software channel (including
Base
and child channels), in/var/satellite/
, configurable at install - A minimum of 10 GB storage for cache files stored within
/var/cache/rhn
. See Section 2.4.5, “Caching” for more information.
Database
- See Section 2.3.1, “Database Sizing” for standard database requirements.
- Embedded Database: A minimum of 12 GB storage for the database repository in the
/opt/rh/postgresql92/root/var/lib/pgsql/
partition. This partition must be local storage only.Important
Due to an updated version of the PostgreSQL Embedded Database, the database location has changed from/var/lib/pgsql
in Red Hat Satellite 5.6 to/opt/rh/postgresql92/root/var/lib/pgsql
in Red Hat Satellite 5.7. Make sure to allocate enough hard disk space to this location. - Managed Database: A minimum of 12 GB storage for the database repository in the
/opt/rh/postgresql92/root/var/lib/pgsql/
partition on the Managed Database host. This partition must be local storage only. The instructions for installing this database are a part of the Managed Database installation scenario . - External Database: See Section 4.3.1, “External Database Requirements”.
Other
- z/VM 5.3 or later for kickstart and provisioning of guests.
- VSWITCH or HiperSocket LAN for high speed connections to guests
2.3. General Database Requirements
2.3.1. Database Sizing
- 250 KiB per client system
- 500 KiB per channel, plus 230 KiB per package in the channel (so a channel with 5000 packages would require 1.1 Gib)
- The number of public Red Hat packages imported (typical: 5000)
- The number of private packages to be managed (typical: 500)
- The number of systems to be managed (typical: 1000)
- The number of packages installed on the average system (typical: 500)
/opt/rh/postgresql92/root/var/lib/pgsql
contains an amount of free space equal to the tablespace size. This free space is used for the db-control restore
command. For example, ensure 12 GB of free space exists for a 12 GB tablespace.
Important
/var/lib/pgsql
in Red Hat Satellite 5.6 to /opt/rh/postgresql92/root/var/lib/pgsql
in Red Hat Satellite 5.7. Make sure to allocate enough hard disk space to this location.
2.3.2. Database Partitioning
Procedure 2.1. Creating and Mounting a Database Partition
- Log in to the database server as
root
. For Embedded Databases, this is the same server as the Red Hat Satellite. - Create the
postgres
user.# useradd -d /var/lib/pgsql -M -r -s /bin/bash -U postgres
- Add the mount point in
/etc/fstab
. For example:UUID="xxxxxxxx-xxxx-xxxx" /opt/rh/postgresql92/root/var/lib/pgsql ext4 defaults 0 0
Important
Red Hat does not support storing the database on a network filesystem. - Mount the partition to
/opt/rh/postgresql92/root/var/lib/pgsql
and change ownership topostgres:postgres
:# mkdir -p /opt/rh/postgresql92/root/var/lib/pgsql # mount /opt/rh/postgresql92/root/var/lib/pgsql # chown postgres:postgres /opt/rh/postgresql92/root/var/lib/pgsql # chmod 700 /opt/rh/postgresql92/root/var/lib/pgsql # restorecon -Rv /opt/rh/postgresql92/root/var/lib/pgsql
/opt/rh/postgresql92/root/var/lib/pgsql
.
Important
/var/lib/pgsql
in Red Hat Satellite 5.6 to /opt/rh/postgresql92/root/var/lib/pgsql
in Red Hat Satellite 5.7. Make sure to allocate enough hard disk space to this location.
2.4. Additional Requirements
2.4.1. Firewall
Port | Protocol | Direction | Reason |
---|---|---|---|
67 | TCP/UDP | Inbound | Open this port to configure the Red Hat Satellite as a DHCP server for systems requesting IP addresses. |
69 | TCP/UDP | Inbound | Open this port to configure Red Hat Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems. |
80 | TCP | Outbound | Red Hat Satellite uses this port to reach Red Hat Network. |
80 | TCP | Inbound | Web UI and client requests come in via http. |
443 | TCP | Inbound | Web UI and client requests come in via https. |
443 | TCP | Outbound | Red Hat Satellite uses this port to reach Red Hat Network (unless running in a disconnected mode for Satellite). |
4545 | TCP | Inbound and Outbound | Red Hat Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems. |
5222 | TCP | Inbound | This port pushes actions to client systems. |
5269 | TCP | Inbound and Outbound | This port pushes actions to Red Hat Proxy Server. |
5432 | TCP | Inbound and Outbound | This is a requirement for communication with a PostgreSQL database server if using an External Database or Managed Database. |
rhn.redhat.com
xmlrpc.rhn.redhat.com
satellite.rhn.redhat.com
content-xmlrpc.rhn.redhat.com
content-web.rhn.redhat.com
content-satellite.rhn.redhat.com
2.4.2. File Permissions
umask
command sets file permissions mask for new files. This helps secure the file permissions for new files created on a system. Users with a restrictive umask
value might experience problems with installation and operation of Red Hat Satellite. Use the recommended umask
value of 022
.
2.4.3. SELinux Policy
targeted
policy in enforcing
or permissive
mode on Red Hat Enterprise Linux 5 and 6.
2.4.4. Bandwidth
|
Single Package (10Mb)
|
Minor Release (750Mb)
|
Major Release (6Gb)
|
---|---|---|---|
256Kbps
|
5 Mins 27 Secs
|
6 Hrs 49 Mins 36 Secs
|
2 Days 7 Hrs 55 Mins
|
512Kbps
|
2 Mins 43.84 Secs
|
3 Hrs 24 Mins 48 Secs
|
1 Day 3 Hrs 57 Mins
|
T1 (1.5Mbps)
|
54.33 Secs
|
1 Hr 7 Mins 54.78 Secs
|
9 Hrs 16 Mins 20.57 Secs
|
10Mbps
|
8.39 Secs
|
10 Mins 29.15 Secs
|
1 Hr 25 Mins 53.96 Secs
|
100Mbps
|
0.84 Secs
|
1 Min 2.91 Secs
|
8 Mins 35.4 Secs
|
1000Mbps
|
0.08 Secs
|
6.29 Secs
|
51.54 Secs
|
2.4.5. Caching
/var/satellite/
, Red Hat Satellite requires space to generate cache files. These cache files are constantly regenerated as they become needed, even if the cache files are deleted. These cache files are stored within /var/cache/rhn
, and the storage needs of this directory depend on the following factors:
- How many channels you synchronize or import from Red Hat or Channel dumps.
- How many custom packages and channels you have.
- Whether or not you are using Red Hat Satellite Synchronization.
/var/cache/rhn/
on a Red Hat Satellite server. For very large environments with numerous channels, packages, and using Inter Satellite Sync, usage can grow to as much as 100 GB of space for cache files in /var/cache/rhn
.
2.4.6. Synchronized System Times
2.4.7. Setting System Language and Locale
/etc/sysconfig/i18n
file. The LANG
setting in the file must be in the following format:
LANG="[language_TERRITORY].UTF-8"
language
and TERRITORY
are entered as two-letter codes. For example if your language is English and your locale is the United States, you set your LANG
setting to en_US.UTF-8
.
2.4.8. Fully Qualified Domain Name (FQDN)
# hostname -f
Important
jabberd
) to fail.
2.4.9. Functioning Domain Name Service (DNS)
2.4.10. Red Hat Network Account
Warning
- Red Hat Enterprise Linux - Optional Packages
- Red Hat Enterprise Linux - Supplementary Packages
- Red Hat Developer Suite
- Red Hat Application Server
- Red Hat Extras
- JBoss product channels
2.4.11. Backups of Login Information
access.redhat.com
, the primary administrator account on the Red Hat Satellite itself, SSL certificate generation, and database connection (which also requires an SID, or net service name). Red Hat strongly recommends you copy this information to removable storage media, print out on paper, and store in a fireproof safe.
2.4.12. Channel Content ISOs
2.4.13. Service Access
chkconfig
.
- jabberd
- postgresql (for Embedded Database Installation)
- tomcat6 (for installation on Red Hat Enterprise Linux 6)
- httpd
- osa-dispatcher
- Monitoring
- MonitoringScout
- rhn-search
- cobblerd
- taskomatic
Chapter 3. Entitlement Certificate
Important
Procedure 3.1. Creating a New Entitlement Certificate
- Navigate to access.redhat.com in your web browser.
- Log in using your Red Hat customer account details.
- Navigate toin the upper-left corner.
- Navigate to Subscription Allocations.
- Click New subscription allocation.
- Enter a name in the Name field, select Satellite 5.7 from the Type drop-down list, and click Create.
- Navigate to the Subscription tab and click .
- For each product to be attached to the manifest, specify the desired quantity in the Entitlements field, and click Submit. It may take several minutes for the subscriptions to be attached.
- Clickand save the Entitlement Certificate file locally.
Chapter 4. Installation Scenarios
4.1. Scenario 1: Installing Satellite with Embedded Database
4.1.1. Downloading the Installation Media
Procedure 4.1. Download the Installation Media
- Log on to the Red Hat Customer Portal.
- Click Downloads.
- Click Red Hat Satellite.
- Select 5.7 for RHEL 6 from the Version drop-down list.
- Select x86_64 or s390x from the Architecture list.
- Download the Satellite 5.7.0 Installer for RHEL-6.
- Depending on your installation requirements, either burn the DVD ISO image to DVD media, or copy it to the host on which Red Hat Satellite will be installed.Run the following command on the host containing the DVD ISO image to copy it to the Satellite host. In this example, the ISO image is copied to the directory
/root
.# scp satellite.iso root@hostname:/root
If you will be installing Red Hat Satellite from a DVD, burn the download ISO image to a writeable DVD.
4.1.2. Mounting the Installation Media
Procedure 4.2. Mounting from a disc
- Log into the machine as
root
. - Insert the Red Hat Satellite Server CD or DVD containing the installation files.
- Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the
/media/cdrom/
directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the/media/cdrom/
directory with the following command:# mkdir /media/cdrom # mount /dev/cdrom /media/cdrom
Procedure 4.3. Mounting from an ISO image
- Log into the host as
root
. - Mount the ISO image to a location on your filesystem:
# mkdir /media/cdrom # mount -o loop iso_filename /media/cdrom
/media/cdrom/
. Use this location to access the Red Hat Satellite installation program.
4.1.3. Installing Behind a HTTP Proxy: Pre-Configuration (Optional)
Note
/etc/rhsm/rhsm.conf
, and edit the following lines, adding details of the HTTP proxy, and credentials.
proxy_hostname = proxy_hostname proxy_port = proxy_port proxy_user = proxy_user proxy_password = proxy_password
4.1.4. Registering Host with Red Hat Content Delivery Network
# subscription-manager register
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
4.1.5. Activating the Red Hat Enterprise Linux Repository
Procedure 4.4. Activate the Red Hat Enterprise Linux Repository
- List all available subscriptions, and identify the Red Hat Satellite 5 subscription.The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as
less
ormore
, you can read the output one screenful at a time.# subscription-manager list --all --available | less
Note thePool ID
as this is required to attach the subscription. - Attach the subscription to the Red Hat Satellite host.
# subscription-manager attach --pool=pool_id
The output should be similar to the following:Successfully attached a subscription for: Red Hat Satellite
- Disable all repositories.
# subscription-manager repos --disable "*"
- Enable the Red Hat Enterprise Linux 6 repository.For AMD64 and Intel 64
# subscription-manager repos --enable=rhel-6-server-rpms
For IBM System z# subscription-manager repos --enable=rhel-6-for-system-z-rpms
4.1.6. Running the Installation Program
root
user.
Warning
Procedure 4.5. Running the Installation Program
- Run the installation program from the
/media/cdrom/
directory:# ./install.pl --disconnected
Note
The--disconnected
option is required to prevent the installation program attempting to connect to Red Hat Network. - The script first verifies the prerequisites Chapter 2, Requirements are met before proceeding with the installation.
* Starting the Red Hat Satellite installer. * Performing pre-install checks. * Pre-install checks complete. Beginning installation.
- The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the Managed Database host.If the installer prompts with the question, "Do you want the installer to resolve dependencies [y/N]?", reply
y
.* RHN Registration. ** Registration: Disconnected mode. Not registering with RHN. * Checking for uninstalled prerequisites. ** Checking if yum is available ... There are some packages from Red Hat Enterprise Linux that are not part of the @base group that Satellite will require to be installed on this system. The installer will try resolve the dependencies automatically. However, you may want to install these prerequisites manually. Do you want the installer to resolve dependencies [y/N]? y * Installing RHN packages. Warning: yum did not install the following packages: OpenIPMI OpenIPMI-libs lm_sensors-libs net-snmp-libs * Now running spacewalk-setup. * Setting up SELinux.. ** Database: Setting up database connection for PostgreSQL backend. ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log *** Progress: # ** Database: Installation complete. ** Database: Populating database. ** Database: Populating database. *** Progress: ####################################
4.1.7. Configuring the Satellite
/root/.gnupg/
directory, if required.
* Configuring tomcat. * Setting up users and groups. ** GPG: Initializing GPG and importing key.
* Performing initial configuration. * Activating Red Hat Satellite. Where is your satellite certificate file? /root//root/certificate.xml ** Loading Red Hat Satellite Certificate. ** Verifying certificate locally. ** Activating Red Hat Satellite.
y
to the Apache SSL configuration question, then answer the CA certificate questions.
- CA cert
- Enter a password for the certificate.
- Organization
- Enter the name of your organization.
- Organization Unit
- Enter the name of your department within your organization.
- Email Address
- Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
- City
- Enter your city.
- State
- Enter your state.
- Country
- Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type
?
to see a list of country codes.
* Configuring apache SSL virtual host. Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave * Configuring jabberd. * Creating SSL certificates. CA certificate password? Re-enter CA certificate password? Organization? Red Hat Organization Unit [satellite.example.com]? Sales Email Address [admin@example.com]? admin@example.com City? Raleigh State? NC Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US ** SSL: Generating CA certificate. ** SSL: Deploying CA certificate. ** SSL: Generating server certificate. ** SSL: Storing SSL certificates. * Deploying configuration files. * Update configuration in database.
y
.
* Setting up Cobbler.. cobblerd does not appear to be running/accessible Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
* Restarting services. Installation complete. Visit https://satellite.example.com to create the Red Hat Satellite administrator account.
# setsebool -P cobbler_anon_write on
4.1.8. Post-Installation Tasks
- Activate the Satellite 5 repository.
- Update packages and the database schema.
- Switch Satellite to connected mode.
Procedure 4.6. Activate Satellite 5 Repository
- Enable the Satellite 5 repositoryFor AMD64 and Intel 64:
# subscription-manager repos --enable rhel-6-server-satellite-5.7-rpms
For IBM System z:# subscription-manager repos --enable=rhel-6-system-z-satellite-5.7-rpms
Procedure 4.7. Update Packages and the Database Schema
- For detailed instructions, follow the procedure in Section 13.2, “Performing Critical Updates to the Server”.
Procedure 4.8. Switch Satellite to Connected Mode
- Edit the Red Hat Network configuration file
/etc/rhn/rhn.conf
and make the following changes: - Edit the
server.satellite.rhn_parent
line as follows.# server.satellite.rhn_parent = satellite.rhn.redhat.com
- Change the line
disconnected=1
todisconnected=0
.disconnected=0
- Validate the configuration changes.
# spacewalk-cfg-get get server disconnected
The expected output is0
, confirming that disconnected mode is not enabled.# spacewalk-cfg-get get server.satellite rhn_parent
The expected output issatellite.rhn.redhat.com
.
- Reactivate the Satellite Server. The
rhn-satellite-activate
command requires the entitlement certificate. In this example, the certificateSatellite-57.cert
is used.# rhn-satellite-activate -vvv --rhn-cert=Satellite-57.cert RHN_PARENT: satellite.rhn.redhat.com
4.2. Scenario 2: Managed Database Installation
- One host for the Satellite Server
- One host for the Managed Database
4.2.1. Downloading the Installation Media
Procedure 4.9. Download the Installation Media
- Log on to the Red Hat Customer Portal.
- Click Downloads.
- Click Red Hat Satellite.
- Select 5.7 for RHEL 6 from the Version drop-down list.
- Select x86_64 or s390x from the Architecture list.
- Download the Satellite 5.7.0 Installer for RHEL-6.
- Depending on your preferred installation source, either copy the DVD ISO image to the Satellite host, or burn it to DVD media.
- If you will be mounting the ISO image and running the installation program from there, copy the ISO image to both the Satellite host and the Managed DB host.
# scp satellite.iso root@satellite_hostname:/root # scp satellite.iso root@manageddb_hostname:/root
- If you will be mounting a DVD and running the installation program from there, burn the DVD ISO image to DVD media.
4.2.2. Mounting the Installation Media
Note
Procedure 4.10. Mounting from a disc
- Log into the host as
root
. - Insert the Red Hat Satellite Server CD or DVD containing the installation files.
- Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the
/media/cdrom/
directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the/media/cdrom/
directory with the following command:# mkdir /media/cdrom # mount /dev/cdrom /media/cdrom
Procedure 4.11. Mounting from an ISO image
- Log into the host as
root
. - Mount the ISO image to a location on your filesystem:
# mkdir /media/cdrom # mount -o loop iso_filename /media/cdrom
/media/cdrom/
. Use this location to access the Red Hat Satellite installation program.
4.2.3. Installing Behind a HTTP Proxy: Pre-Configuration (Optional)
Note
/etc/rhsm/rhsm.conf
, and edit the following lines, adding details of the HTTP proxy, and credentials.
proxy_hostname = proxy_hostname proxy_port = proxy_port proxy_user = proxy_user proxy_password = proxy_password
4.2.4. Registering Host with Red Hat Content Delivery Network
Note
# subscription-manager register
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
4.2.5. Activating the Red Hat Enterprise Linux Repository
Note
Procedure 4.12. Activate the Red Hat Enterprise Linux Repository
- List all available subscriptions, and identify the Red Hat Satellite 5 subscription.The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as
less
ormore
, you can read the output one screenful at a time.# subscription-manager list --all --available | less
Note thePool ID
as this is required to attach the subscription. - Attach the subscription to the Red Hat Satellite host.
# subscription-manager attach --pool=pool_id
The output should be similar to the following:Successfully attached a subscription for: Red Hat Satellite
- Disable all repositories.
# subscription-manager repos --disable "*"
- Enable the Red Hat Enterprise Linux 6 repository.For AMD64 and Intel 64
# subscription-manager repos --enable=rhel-6-server-rpms
For IBM System z# subscription-manager repos --enable=rhel-6-for-system-z-rpms
4.2.6. Installing the Managed Database
Note
Procedure 4.13. Installing the Managed Database
- Log into the host to be used for the Managed Database as the
root
user. - Navigate to the directory containing the Satellite installation program.
# cd /media/cdrom
- Run the installation program from the
/media/cdrom/
directory, with the--managed-db
and--disconnected
options.# ./install.pl --managed-db --disconnected
Note
The--disconnected
option is required to prevent the installation program attempting to connect to Red Hat Network. - The installation program asks for the following information.
- Database name
- Database user
- Database password
- A comma-separated list of local addresses to listen. Leave blank for all addresses.
- A comma-separated list of remote addresses in address/netmask format. The Managed Database allows connections from these addresses.
Database name: mydb Database user: mydbuser Database password: mydbpassword Local addresses to listen on (comma-separated, RETURN for all): 127.0.0.1 Remote addresses to allow connection from (address/netmask format, comma-separated): 192.168.1.10/32 Initializing database: [ OK ] Starting postgresql service: [ OK ]
- The installation program installs the necessary packages for your Managed Database. This includes a set of management tools for the database.
- The installation program also prepares the database for your Red Hat Satellite installation.
4.2.7. Running the Installation Script
root
user.
Warning
Procedure 4.14. Running the Installation Program
- Run the installation program from the
/media/cdrom/
directory, with the--external-postgresql
and--disconnected
options.# ./install.pl --external-postgresql --disconnected
Note
The--disconnected
option is required to prevent the installation program attempting to connect to Red Hat Network. - The script first verifies the prerequisites Chapter 2, Requirements are met before proceeding with the installation.
* Starting the Red Hat Satellite installer. * Performing pre-install checks. * Pre-install checks complete. Beginning installation.
The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the Managed Database Host. - If the installation program prompts with the question, "Do you want the installer to resolve dependencies [y/N]?", reply
y
(Yes).* RHN Registration. ** Registration: Disconnected mode. Not registering with RHN. * Checking for uninstalled prerequisites. ** Checking if yum is available ... There are some packages from Red Hat Enterprise Linux that are not part of the @base group that Satellite will require to be installed on this system. The installer will try resolve the dependencies automatically. However, you may want to install these prerequisites manually. Do you want the installer to resolve dependencies [y/N]? y * Installing RHN packages. Warning: yum did not install the following packages: OpenIPMI OpenIPMI-libs lm_sensors-libs net-snmp-libs * Now running spacewalk-setup. * Setting up SELinux.. ** Database: Setting up database connection for PostgreSQL backend. Hostname (leave empty for local)? mydb.example.com Port [5432]? Database? db Username? dbuser Password? password ** Database: Populating database. *** Progress: ###################################
4.2.8. Configuring the Satellite
/root/.gnupg/
directory, if required.
* Configuring tomcat. * Setting up users and groups. ** GPG: Initializing GPG and importing key.
* Activating Red Hat Satellite. Where is your satellite certificate file? /root/certificate.xml ** Loading Red Hat Satellite Certificate. ** Verifying certificate locally. ** Activating Red Hat Satellite.
y
to the Apache SSL configuration question, then answer the CA certificate questions.
- CA cert
- Enter a password for the certificate.
- Organization
- Enter the name of your organization.
- Organization Unit
- Enter the name of your department within your organization.
- Email Address
- Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
- City
- Enter your city.
- State
- Enter your state.
- Country
- Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type
?
to see a list of country codes.
* Configuring apache SSL virtual host. Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave * Configuring jabberd. * Creating SSL certificates. CA certificate password? Re-enter CA certificate password? Organization? Red Hat Organization Unit [satellite.example.com]? Sales Email Address [admin@example.com]? admin@example.com City? Raleigh State? NC Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US ** SSL: Generating CA certificate. ** SSL: Deploying CA certificate. ** SSL: Generating server certificate. ** SSL: Storing SSL certificates. * Deploying configuration files. * Update configuration in database.
y
.
* Setting up Cobbler.. cobblerd does not appear to be running/accessible Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
* Restarting services. Installation complete. Visit https://satellite.example.com to create the Red Hat Satellite administrator account.
# setsebool -P cobbler_anon_write on
4.2.9. Post-Installation Tasks
- Activate the Satellite 5 repository.
- Update packages and the database schema.
- Switch Satellite to connected mode.
Procedure 4.15. Activate Satellite 5 Repository
- Enable the Satellite 5 repositoryFor AMD64 and Intel 64:
# subscription-manager repos --enable rhel-6-server-satellite-5.7-rpms
For IBM System z:# subscription-manager repos --enable=rhel-6-system-z-satellite-5.7-rpms
Procedure 4.16. Update Packages and the Database Schema
- For detailed instructions, follow the procedure in Section 13.2, “Performing Critical Updates to the Server”.
Procedure 4.17. Switch Satellite to Connected Mode
- Edit the Red Hat Network configuration file
/etc/rhn/rhn.conf
and make the following changes: - Edit the
server.satellite.rhn_parent
line as follows.# server.satellite.rhn_parent = satellite.rhn.redhat.com
- Change the line
disconnected=1
todisconnected=0
.disconnected=0
- Validate the configuration changes.
# spacewalk-cfg-get get server disconnected
The expected output is0
, confirming that disconnected mode is not enabled.# spacewalk-cfg-get get server.satellite rhn_parent
The expected output issatellite.rhn.redhat.com
.
- Reactivate the Satellite Server. The
rhn-satellite-activate
command requires the entitlement certificate. In this example, the certificateSatellite-57.cert
is used.# rhn-satellite-activate -vvv --rhn-cert=Satellite-57.cert RHN_PARENT: satellite.rhn.redhat.com
4.3. Scenario 3: Installing Satellite with External Database
- One Red Hat Enterprise Linux host for the Satellite Server
- One host containing your External Database. This database must adhere to the requirements outlined in Section 4.3.1, “External Database Requirements”.
4.3.1. External Database Requirements
- PostgreSQL 9.2
- Oracle Database 11g Standard and Enterprise Edition
- Oracle Database 10g Release 2 Standard and Enterprise Edition
Note
Important
4.3.1.1. PostgreSQL Database Requirements
- postgresql92
- postgresql92-postgresql
- postgresql92-postgresql-contrib
- postgresql92-postgresql-libs
- postgresql92-postgresql-server
- postgresql92-postgresql-pltcl
Note
# subscription-manager repo --enable=rhel-server-rhscl-6-rpms # yum install postgresql92 postgresql92-postgresql postgresql92-postgresql-contrib postgresql92-postgresql-libs postgresql92-postgresql-server postgresql92-postgresql-pltcl
# service postgresql92-postgresql initdb # service postgresql92-postgresql start # chkconfig postgresql92-postgresql on
postgres
user and run PostgreSQL through the Software Collections tool:
# su postgres bash-4.1$ scl enable postgresql92 'psql'
postgres=# CREATE USER mydbuser WITH PASSWORD 'mydbpassword'; postgres=# ALTER USER mydbuser WITH SUPERUSER; postgres=# CREATE DATABASE mydb OWNER mydbuser; postgres=# \q
Important
root
user and edit the /opt/rh/postgresql92/root/var/lib/pgsql/data/pg_hba.conf
file:
bash-4.1$ exit # vi /opt/rh/postgresql92/root/var/lib/pgsql/data/pg_hba.conf
host mydb mydbuser 192.168.1.0/24 md5
mydb
database using the mydbuser
from any system on the 192.168.1.0/24
network. The accepted authentication must also use an MD5-encrypted password.
/opt/rh/postgresql92/root/var/lib/pgsql/data/postgresql.conf
.
listen_addresses = '*' bytea_output = 'escape'
listen_addresses
parameter opens communication to the database from other systems. The bytea_output
parameter sets the correct encoding for bytea datatypes. Without this parameter, Satellite's Taskomatic service fails.
# service postgresql92-postgresql restart
4.3.1.2. Oracle Database Requirements
- ALTER SESSION
- CREATE SEQUENCE
- CREATE SYNONYM
- CREATE TABLE
- CREATE VIEW
- CREATE PROCEDURE
- CREATE TRIGGER
- CREATE TYPE
- CREATE SESSION
- SELECT ON V_$PARAMETER
Warning
- Security Identifier (SID)
- Listener Port
- Username
- UTF-8 character set
Important
- Uniform Extent Size
- Auto Segment Space Management
Important
4.3.2. Downloading the Installation Media
Procedure 4.18. Download the Installation Media
- Log on to the Red Hat Customer Portal.
- Click Downloads.
- Click Red Hat Satellite.
- Select 5.7 for RHEL 6 from the Version drop-down list.
- Select x86_64 or s390x from the Architecture list.
- Download the Satellite 5.7.0 Installer for RHEL-6.
- Depending on your installation requirements, either burn the DVD ISO image to DVD media, or copy it to the host on which Red Hat Satellite will be installed.Run the following command on the host containing the DVD ISO image to copy it to the Satellite host. In this example, the ISO image is copied to the directory
/root
.# scp satellite.iso root@hostname:/root
If you will be installing Red Hat Satellite from a DVD, burn the download ISO image to a writeable DVD.
4.3.3. Mounting the Installation Media
Procedure 4.19. Mounting from a disc
- Log into the machine as
root
. - Insert the Red Hat Satellite Server CD or DVD containing the installation files.
- Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the
/media/cdrom/
directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the/media/cdrom/
directory with the following command:# mkdir /media/cdrom # mount /dev/cdrom /media/cdrom
Procedure 4.20. Mounting from an ISO image
- Log into the host as
root
. - Mount the ISO image to a location on your filesystem:
# mkdir /media/cdrom # mount -o loop iso_filename /media/cdrom
/media/cdrom/
. Use this location to access the Red Hat Satellite installation program.
4.3.4. Installing Behind a HTTP Proxy: Pre-Configuration (Optional)
Note
/etc/rhsm/rhsm.conf
, and edit the following lines, adding details of the HTTP proxy, and credentials.
proxy_hostname = proxy_hostname proxy_port = proxy_port proxy_user = proxy_user proxy_password = proxy_password
4.3.5. Registering Host with Red Hat Content Delivery Network
# subscription-manager register
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
4.3.6. Activating the Red Hat Enterprise Linux Repository
Procedure 4.21. Activate the Red Hat Enterprise Linux Repository
- List all available subscriptions, and identify the Red Hat Satellite 5 subscription.The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as
less
ormore
, you can read the output one screenful at a time.# subscription-manager list --all --available | less
Note thePool ID
as this is required to attach the subscription. - Attach the subscription to the Red Hat Satellite host.
# subscription-manager attach --pool=pool_id
The output should be similar to the following:Successfully attached a subscription for: Red Hat Satellite
- Disable all repositories.
# subscription-manager repos --disable "*"
- Enable the Red Hat Enterprise Linux 6 repository.For AMD64 and Intel 64
# subscription-manager repos --enable=rhel-6-server-rpms
For IBM System z# subscription-manager repos --enable=rhel-6-for-system-z-rpms
4.3.7. Running the Installation Script
root
user.
Warning
Procedure 4.22. Running the Installation Program
- Run the installation program from the
/media/cdrom/
directory. To install to an external PostgreSQL database:# ./install.pl --external-postgresql --disconnected
Or to install to an external Oracle database:# ./install.pl --external-oracle --disconnected
Note
The--disconnected
option is required to prevent the installation program attempting to connect to Red Hat Network. - The script first verifies the prerequisites Chapter 2, Requirements are met before proceeding with the installation.
* Starting the Red Hat Satellite installer. * Performing pre-install checks. * Pre-install checks complete. Beginning installation.
- The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the external database host.If the installer prompts with the question, "Do you want the installer to resolve dependencies [y/N]?", reply
y
.* RHN Registration. ** Registration: Disconnected mode. Not registering with RHN. * Checking for uninstalled prerequisites. ** Checking if yum is available ... There are some packages from Red Hat Enterprise Linux that are not part of the @base group that Satellite will require to be installed on this system. The installer will try resolve the dependencies automatically. However, you may want to install these prerequisites manually. Do you want the installer to resolve dependencies [y/N]? y * Installing RHN packages. Warning: yum did not install the following packages: OpenIPMI OpenIPMI-libs lm_sensors-libs net-snmp-libs * Now running spacewalk-setup. * Setting up SELinux.. ** Database: Setting up database connection for PostgreSQL backend. Database "rhnschema" does not exist ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log Database name: mydb Database user: mydbuser Database password: mydbpassword Local addresses to listen on (comma-separated, RETURN for all): 127.0.0.1 Remote addresses to allow connection from (address/netmask format, comma-separated): 192.168.1.10/32 Initializing database: [ OK ] Starting postgresql service: [ OK ] *** Progress: ###########################
4.3.8. Configuring the Satellite
/root/.gnupg/
directory, if required.
* Configuring tomcat. * Setting up users and groups. ** GPG: Initializing GPG and importing key.
* Activating Red Hat Satellite. Where is your satellite certificate file? /root/certificate.xml ** Loading Red Hat Satellite Certificate. ** Verifying certificate locally. ** Activating Red Hat Satellite.
y
to the Apache SSL configuration question, then answer the CA certificate questions.
- CA cert
- Enter a password for the certificate.
- Organization
- Enter the name of your organization.
- Organization Unit
- Enter the name of your department within your organization.
- Email Address
- Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
- City
- Enter your city.
- State
- Enter your state.
- Country
- Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type
?
to see a list of country codes.
* Configuring apache SSL virtual host. Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave * Configuring jabberd. * Creating SSL certificates. CA certificate password? Re-enter CA certificate password? Organization? Red Hat Organization Unit [satellite.example.com]? Sales Email Address [admin@example.com]? admin@example.com City? Raleigh State? NC Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US ** SSL: Generating CA certificate. ** SSL: Deploying CA certificate. ** SSL: Generating server certificate. ** SSL: Storing SSL certificates. * Deploying configuration files. * Update configuration in database.
y
.
* Setting up Cobbler.. cobblerd does not appear to be running/accessible Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
* Restarting services. Installation complete. Visit https://satellite.example.com to create the Red Hat Satellite administrator account.
# setsebool -P cobbler_anon_write on
4.3.9. Post-Installation Tasks
- Activate the Satellite 5 repository.
- Update packages and the database schema.
- Switch Satellite to connected mode.
Procedure 4.23. Activate Satellite 5 Repository
- Enable the Satellite 5 repositoryFor AMD64 and Intel 64:
# subscription-manager repos --enable rhel-6-server-satellite-5.7-rpms
For IBM System z:# subscription-manager repos --enable=rhel-6-system-z-satellite-5.7-rpms
Procedure 4.24. Update Packages and the Database Schema
- For detailed instructions, follow the procedure in Section 13.2, “Performing Critical Updates to the Server”.
Procedure 4.25. Switch Satellite to Connected Mode
- Edit the Red Hat Network configuration file
/etc/rhn/rhn.conf
and make the following changes: - Edit the
server.satellite.rhn_parent
line as follows.# server.satellite.rhn_parent = satellite.rhn.redhat.com
- Change the line
disconnected=1
todisconnected=0
.disconnected=0
- Validate the configuration changes.
# spacewalk-cfg-get get server disconnected
The expected output is0
, confirming that disconnected mode is not enabled.# spacewalk-cfg-get get server.satellite rhn_parent
The expected output issatellite.rhn.redhat.com
.
- Reactivate the Satellite Server. The
rhn-satellite-activate
command requires the entitlement certificate. In this example, the certificateSatellite-57.cert
is used.# rhn-satellite-activate -vvv --rhn-cert=Satellite-57.cert RHN_PARENT: satellite.rhn.redhat.com
Chapter 5. Configuration
5.1. Create Administrator Account
5.2. Configure Red Hat Satellite
5.2.1. General
5.2.2. Certificate
5.2.3. Bootstrap
/var/www/html/pub/bootstrap/
directory of Red Hat Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central Red Hat Network Servers. The required fields are pre-populated with values derived from previous installation steps. Ensure this information is accurate.
5.2.4. Organizations
5.2.5. Restart
5.2.6. Cobbler Rebuild
5.3. Message Transfer Agent (MTA) Configuration
Note
5.3.1. Sendmail
- Create a symbolic link allowing sendmail to run the notification enqueuer with the following command:
# ln -s /usr/bin/ack_enqueuer.pl /etc/smrsh/.
- Edit the
/etc/aliases
file on the mail server and add the following line:rogerthat01: "| /etc/smrsh/ack_enqueuer.pl"
- Edit the
/etc/mail/sendmail.mc
file and change:"DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl"
to:"DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl"
- Process the alias with the following command:
# newaliases
- Update the
sendmail-cf
package:# yum update sendmail-cf
- Restart sendmail:
# service sendmail restart
5.3.2. Postfix
- Create a symbolic link allowing postfix to run the notification enqueuer with the following command:
# ln -s /usr/bin/ack_enqueuer.pl /etc/smrsh/.
- Edit the
/etc/aliases
file on the mail server and add the following line:rogerthat01: "| /etc/smrsh/ack_enqueuer.pl"
- Ensure the following line exists in your
/etc/postfix/main.cf
file and change:inet_interfaces = all
- Process the alias with the following command:
# newaliases
- Restart postfix:
# service postfix restart
5.4. Monitoring Configuration
mysql-server
package either through the Red Hat Network website or with yum
.
mysql-server
package to be installed and run successfully. Once finished, use your Red Hat Satellite to schedule MySQL probes.
5.5. Configuring the PostgreSQL Database to use SSL
server.crt
- Signed certificateserver.key
- Private key for certificateroot-ca.cert
- Certificate of root-ca that signed the certificate
[root@satellite ~]# spacewalk-service stop
Procedure 5.1. Configuring SSL on the database server
- Login to the database server as
root
. - Copy your signed certificate and private key to the required locations on the database server:
[root@database~]# cp server.{key,crt} /opt/rh/postgresql92/root/var/lib/pgsql/data/. [root@database~]# chown postgres:postgres /opt/rh/postgresql92/root/var/lib/pgsql/data/server.{key,crt} [root@database~]# chmod 0400 /opt/rh/postgresql92/root/var/lib/pgsql/data/server.key
- Edit the
postgresql.conf
file and add the following option:ssl=on
- Edit the
pg_hba.conf
file. This file is a permissions file for restricting access to the database. Look for a line similar to the following:host mydb mydbuser 192.168.122.0/24 md5
This line should contain your database name, database user, and IP address or range that allows connections. Change thehost
option tohostssl
:hostssl mydb mydbuser 192.168.122.0/24 md5
This changes the incoming communication protocol to use SSL and refuse any unencrypted PostgreSQL connections. - Restart the
postgresql
service so the changes take effect:[root@database~]# service postgresql92-postgresql restart
Procedure 5.2. Configuring SSL on the Satellite server
- Login to the Satellite server as
root
. - Copy your
root-ca.cert
certificate to the following location:[root@satellite ~]# cp root-ca.cert /etc/rhn/postgresql-db-root-ca.cert
- Edit the
/etc/rhn/rhn.conf
file and add the following option:db_ssl_enabled = 1
- Add the certificate to Satellite's Java web server keystore:
[root@satellite ~]# openssl x509 -in /etc/rhn/postgresql-db-root-ca.cert -out server.der -outform der [root@satellite ~]# keytool -keystore /etc/rhn/javatruststore.jks -alias postgresql -import -file server.der [root@satellite ~]# rm server.der
Important
The/etc/rhn/javatruststore.jks
requires a password for any modifications to the keystore. Change this password if necessary using the following command:[root@satellite ~]# keytool -storepasswd -keystore /etc/rhn/javatruststore.jks
- Restore the SELinux context of the new certificate files:
[root@satellite ~]# restorecon -R -F -v /etc/rhn/
- Start the Satellite services:
[root@satellite ~]# spacewalk-service start
Chapter 6. Authentication
6.1. Implementing PAM Authentication
Note
pam-devel
package.
# yum install pam-devel
selinux-policy-targeted
package.
# yum update selinux-policy-targeted
Procedure 6.1. Configuring Red Hat Satellite to use PAM
- Set the
allow_httpd_mod_auth_pam
SELinux boolean to on:# setsebool -P allow_httpd_mod_auth_pam 1
- Open the
/etc/rhn/rhn.conf
file in your preferred text editor, and add the following line:pam_auth_service = rhn-satellite
Create a PAM service file in the/etc/pam.d/
directory:# touch /etc/pam.d/rhn-satellite
- Edit the file and add one of the following, depending on your authentication method:
Example 6.1. SSSD Authentication
#%PAM-1.0 auth required pam_env.so auth sufficient pam_sss.so auth required pam_deny.so account sufficient pam_sss.so account required pam_deny.so
Example 6.2. Kerberos Authentication
#%PAM-1.0 auth required pam_env.so auth sufficient pam_krb5.so no_user_check auth required pam_deny.so account required pam_krb5.so no_user_check
Example 6.3. LDAP Authentication
#%PAM-1.0 auth required pam_env.so auth sufficient pam_ldap.so no_user_check auth required pam_deny.so account required pam_ldap.so no_user_check
For more detail about configuring PAM, see the Pluggable Authentication Modules (PAM) in the Red Hat Enterprise Linux Deployment Guide.Note
For Kerberos-authenticating users, change the password by usingkpasswd
. Do not change the password on Red Hat Satellite web application as this method only changes the local password on the Satellite server. Local passwords are not in use if PAM is enabled for that user. - Restart the service to pick up the changes:
# rhn-satellite restart
- To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.
6.2. Using Identity Management for Authentication
- Kerberos authentication in the WebUI
- Users do not need to be pre-created in Satellite database
- The PAM authentication can be enabled for all users
- User roles can be derived from user group membership in the external identity provider
- System Groups administrators can be derived from user group membership in the external identity provider per Organization
Note
rhn_register
, rhnreg_ks
, spacecmd
, rhncfg-manager
and the Satellite 5 API can not use IPA authentication.
6.2.1. Requirements
- A configured Satellite Server. The following instructions will use the host name
satellite.example.com
to denote the Satellite server. - A configured IPA/IdM Server on Red Hat Enterprise Linux 6 or 7. The following instructions will use the host name
ipa.example.com
to denote the IPA server. - Installation of additional packages on the Satellite server. Use the following command to install these packages from the standard Red Hat Enterprise Linux 6 and 7 repositories:
[root@satellite ~]# yum install ipa-client ipa-admintools sssd sssd-dbus mod_auth_kerb mod_authnz_pam mod_lookup_identity mod_intercept_form_submit -y
- The latest version of the
selinux-policy
package to ensure the latest SELinux Booleans are added. You can update this package with the following command:[root@satellite ~]# yum update selinux-policy -y
6.2.2. Enrolling the Satellite Server
ipa-client-install
command. This will step through the required configuration options to enrol the Satellite server.
[root@satellite ~]# ipa-client-install Provide the domain name of your IPA server (ex: example.com): example.com Provide your IPA server name (ex: ipa.example.com): ipa.example.com Hostname: satellite.example.com Realm: EXAMPLE.COM DNS Domain: example.com IPA Server: ipa.example.com BaseDN: dc=example,dc=com Continue to configure the system with these values? [no]: yes User authorized to enroll computers: admin Synchronizing time with KDC... Password for admin@EXAMPLE.COM: *********
ipa service-add
command:
[root@satellite ~]# kinit admin [root@satellite ~]# ipa service-add HTTP/satellite.example.com -------------------------------------------------- Added service "HTTP/satellite.example.com@EXAMPLE.COM" -------------------------------------------------- Principal: HTTP/satellite.example.com@EXAMPLE.COM Managed by: satellite.example.com
6.2.3. Using the IPA Authentication Setup Tool
spacewalk-setup-ipa-authentication
, which configures your Satellite server to use IPA Authentication. The tool performs the following steps:
- Configures Kerberos authentication on the Satellite server
- Configures SSSD services on the Satellite server
- Configures Satellite webservers to communicate with SSSD and observe PAM authentication
[root@satellite ~]# spacewalk-setup-ipa-authentication
6.2.4. Finalizing Authentication Configuration
6.2.5. Configuring IPA to Use Multiple Organizations (Optional)
ou
) in the IPA server.
6.2.6. Configuring IPA to Use Groups (Optional)
- External Group Name - Enter the name of the group from the IPA server.
- Administrative Roles and Roles - Select roles to assign to the group. For example, assign the Channel Administrator.
Chapter 7. Entitlements
7.1. Red Hat Satellite Activate
rhn-satellite-activate
). This tool is included with the installation as part of the spacewalk-backend-tools
package.
rhn-satellite-activate
tool offers several command line options for activating Red Hat Satellite using its Red Hat Entitlement Certificate:
Option | Description |
---|---|
-h , --help | Display the help screen with a list of options. |
--sanity-only | Confirm certificate sanity. Does not activate the Red Hat Satellite locally or remotely. |
--disconnected | Activates locally but not on remote Red Hat servers. |
--rhn-cert=/PATH/TO/CERT | Uploads new certificate and activates the Red Hat Satellite based upon the other options passed (if any). |
--systemid=/PATH/TO/SYSTEMID | For testing only - Provides an alternative system ID by path and file. The system default is used if not specified. |
--no-ssl | For testing only - Disable SSL. |
rhn-satellite-activate
command.
7.2. Activate Red Hat Satellite with a New Entitlement Certificate
- Validate the Red Hat Satellite Entitlement Certificate's sanity (or usefulness).
- Insert the Red Hat Satellite Entitlement Certificate into the local database to activate the Satellite
- Activate Red Hat Satellite remotely by inserting the Red Hat Entitlement Certificate into the central Red Hat database. This is typically accomplished during local activation but might require a second step if you chose the
--disconnected
option.
Procedure 7.1. Activating Red Hat Satellite with a New Entitlement Certificate
- To validate the Red Hat Entitlement Certificate's sanity only:
rhn-satellite-activate --sanity-only --rhn-cert=/path/to/demo.cert
- To validate the Red Hat Entitlement Certificate and populate the local database:
rhn-satellite-activate --disconnected --rhn-cert=/path/to/demo.cert
Or to validate the Red Hat Entitlement Certificate and populate both the local and the Red Hat database:rhn-satellite-activate --rhn-cert=/path/to/demo.cert
7.3. Entitlement Certificate Expiration
- Red Hat Satellite remains active, but content cannot be synchronized with the Red Hat Content Delivery Network.
- A banner displays on the Overview page for each user that logs into Red Hat Satellite's web interface. This banner states the certificate has expired.
- Once a day, for all seven days, the Red Hat Satellite Administrator's receives an email notification regarding certificate expiration.
rhn-satellite-activate
. During this period, Satellite has limited functionality mainly for entitlement changes and operates in a read only mode.
Chapter 8. Virtualization Agent (virt-who)
8.1. Setting up the Virtualization Agent
- Red Hat Enterprise Linux 6 or above.
- Access to both the Red Hat Satellite and the hypervisor on port 443, TCP. In addition, you must create a user in your virtualization environment so that the Virtualization Agent can read information about hypervisors and guests. This can be a user with read-only permission.
- The system must be registered to either Red Hat Content Delivert Network directly or the Red Hat Satellite and subscribed to the RHN Tools channel.
- Login as root on the Red Hat Satellite.
- Install the virt-who package:
# yum install virt-who
- Edit the following entries in the
/etc/sysconfig/virt-who
file:# Start virt-who on background, perform doublefork and monitor for virtual guest # events (if possible). It is NOT recommended to turn off this option for # starting virt-who as service. VIRTWHO_BACKGROUND=1 # Enable debugging output. # optional VIRTWHO_DEBUG=1 # virt-who subscription manager backend, enable ony one option from following 2: # Report to Subscription Asset Manager (SAM) VIRTWHO_SAM=0 # Report to Satellite VIRTWHO_SATELLITE=1
Edit the virtualization options for your virtualization environment type. For example, for Red Hat Enterprise Virtualization:# Register guests using RHEV-M VIRTWHO_RHEVM=1 # Options for RHEV-M mode VIRTWHO_RHEVM_ENV=not-used VIRTWHO_RHEVM_SERVER=server_hostname_or_IP VIRTWHO_RHEVM_USERNAME=server_login VIRTWHO_RHEVM_PASSWORD=server_password
For VMware ESX:# Register ESX machines using vCenter VIRTWHO_ESX=1 # Option for ESX mode VIRTWHO_ESX_ENV=not-used VIRTWHO_ESX_OWNER=organization_id VIRTWHO_ESX_SERVER=server_hostname_or_IP VIRTWHO_ESX_USERNAME=server_login VIRTWHO_ESX_PASSWORD=server_password
Note
The user for accessing the virtualization environment only requires read-only permissions. For security, create a new user in your virtualization environment with read-only permissions and nothing else.Finally, edit the Satellite options and enter your server details:# Option for Satellite backend VIRTWHO_SATELLITE_SERVER=satellite_hostname VIRTWHO_SATELLITE_USERNAME=username VIRTWHO_SATELLITE_PASSWORD=password
- Start the virt-who service:
service virt-who start
Starting the virt-who service will gather the host/guest UUID information and send the information to the Satellite. It will also scan the/var/lib/virt-who/hypervisor-systemid-[UUID]
file to check if the hypervisor has already been registered to the Red Hat Satellite. If it does, the existing hypervisor system information on the Red Hat Satellite is updated. If it does not exist on the Satellite, the new hypervisor wil be registered.
Note
/var/lib/virt-who/hypervisor-systemid-UUID
, and the hypervisor needs to be manually removed via the satellite web UI.
/etc/virt-who.d/
instead of adding details for a single configuration in the /etc/sysconfig/virt-who
file. For example:
[test-esx-1] type=esx server=10.1.1.1 username=admin password=password [test-esx-2] type=esx server=10.1.2.1 username=admin password=password
8.1.1. VMware Configuration Scenario
virtwho-readonly-user
account in Active Directory and provide access to vCenter:
- Run the Active Directory Users and Computers program on your Windows machine with a user that has rights to add users into your domain. Create a user named
virtwho-readonly-user
. - Log in to vSphere Web Client using an account with administrator privileges.
- Navigate to→ → → .
Figure 8.1. Navigate to Single Sign-On Configuration
- Navigate to the plus icon, and select the Active Directory identity source. This adds Active Directory identity source, including thetab, press the
virtwho-readonly-user
user.Figure 8.2. Add the Identity Source
- Navigate to→ and select the vCenter to grant access to
virtwho-readonly-user
.Figure 8.3. Navigate to vCenter
- Navigate to plus icon to open the Add Permission dialog.→ and press the
Figure 8.4. Click the plus icon
- Select the
virtwho-readonly-user
. - Select the Read-only role.
- Click OK to save the permissions.
- Log out and test the
virtwho-readonly-user
in vCenter. Make sure the inventory shows the resources thatvirtwho-readonly-user
can access.
- Log in to the Satellite server and install virt-who:
# yum install virt-who
- Edit the
/etc/sysconfig/virt-who
file and use the following options:# virt-who options VIRTWHO_BACKGROUND=1 VIRTWHO_DEBUG=1 # Enable virt-who with VMware VIRTWHO_ESX=1 # Options for ESX mode VIRTWHO_ESX_ENV=not-used VIRTWHO_ESX_OWNER=[organization_id] VIRTWHO_ESX_SERVER=vcenter.example.com VIRTWHO_ESX_USERNAME=DOMAIN\\virtwho-readonly-user VIRTWHO_ESX_PASSWORD=******* # Report to Satellite VIRTWHO_SAM=0 VIRTWHO_SATELLITE=1
Make sure to replace [organization_id] with the ID of your target organization on your Satellite server. - Start and enable the virt-who service:
# service virt-who start # chkconfig virt-who on
8.2. Setting up Guests
- Download the SSL cert from the Satellite to the guest system:
# rpm -Uvh https://satellite_hostname.example.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
- Edit the following entries in the
/etc/sysconfig/rhn/up2date
:serverURL=https://satellite.hostname.example.com/XMLRPC sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
- Register the guest to the Satellite by running the command:
# rhnreg_ks --username sat_username --password sat_password
8.3. Verifying the Setup
- Log in to the Satellite.
- Click onto go to the Systems Overview page.
- Click on a system name.
- Check the following information on the System Details page:
- Checked-In Time - this field should update every time virt-who is run.
- System ID - this should match the system ID of the guest client in the hypervisor.
- Guests - this column is located in thesubtab. All guest machines from the hypervisor should be listed in this section:
- Systems that are not registered to the Satellite will appear as "virtual machine from [VMTYPE] hypervisor [UUID]" For example, "VM from esx hypervisor 92ffdfd8-14a2-11e3-ad37-a213e27ebfdc"
- Systems that are registered to the Satellite will reflect the name given at registration and will link to the Satellite's records of the registered system
Chapter 9. Content and Synchronization
- A successful Red Hat Satellite installation.
- The Red Hat Satellite requires access to one of the following content sources:
- The Red Hat Network website over the Internet.
- Red Hat Network Channel Content ISOs.
- Red Hat Satellite Exporter data.
9.1. Red Hat Satellite Synchronization Tool
satellite-sync
) enables an Red Hat Satellite to update its database metadata and RPM packages with various sources.
Important
satellite-sync
imports a large amount of data, especially on newly installed Red Hat Satellite servers. If your database has performance issues after a significant amount of data changes, consider gathering statistics on the database.
# satellite-sync
channel-families
- Import/synchronize channel family (architecture) data.channels
- Import/synchronize channel data.rpms
- Import/synchronize RPMs.packages
- Import/synchronize full package data for those RPMs retrieved successfully.errata
- Import/synchronize errata information.
rpms
step automatically ensures the channels
and channel-families
steps execute first. To initiate an individual step, use the --step
option.
# satellite-sync --step=rpms
--step
, the Red Hat Satellite Synchronization Tool provides other command line options. To use them, insert the option and the appropriate value after the satellite-sync
command when launching import/synchronization.
Option | Description |
---|---|
-h , --help | Display this list of options and exit. |
-d= , --db=DB | Include alternate database connect string: username/password@SID. |
-m= , --mount-point=MOUNT_POINT | Import/synchronization from local media mounted to the Red Hat Satellite server. Use in closed environments (such as those created during disconnected installs). |
--list-channels | List all available channels and exit. |
-c CHANNEL , --channel=CHANNEL_LABEL | Process data for this channel only. Multiple channels can be included by repeating the option. If no channels are specified, Red Hat Satellite updates all channels. |
-p, --print-configuration | Print the current configuration and exit. |
--no-ssl | Not Advisable - Turn off SSL. |
--step=STEP_NAME | Perform the synchronization process only to the step specified. Typically used in testing. |
--no-rpms | Do not retrieve actual RPMs. |
--no-packages | Do not process full package data. |
--no-errata | Do not process errata information. |
--no-kickstarts | Do not process kickstart data (provisioning only). |
--force-all-packages | Forcibly process all package data without conducting a diff. |
--debug-level=LEVEL_NUMBER | Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf , 0-6 (2 is default). |
--email | Email a report of what was imported/synchronized to the designated recipient of traceback email. |
--traceback-mail=TRACEBACK_MAIL | Direct synchronization output (from --email ) to this email address. |
-s= , --server=SERVER | Include the host name of an alternative server to which to connect for synchronization. |
--http-proxy=HTTP_PROXY | Add an alternative HTTP proxy server in the form hostname:port. |
--http-proxy-username=PROXY_USERNAME | Include the username for the alternative HTTP proxy server. |
--http-proxy-password=PROXY_PASSWORD | Include the password for the alternative HTTP proxy server. |
--ca-cert=CA_CERT | Use an alternative SSL CA certificate by including the full path and filename. |
--systemid=SYSTEM_ID | For debugging only - Include path to alternative digital system ID. |
--batch-size=BATCH_SIZE | For debugging only - Set maximum batch size in percent for XML/database-import processing. Open man satellite-sync for more information. |
9.2. Synchronization with Local Media
9.2.1. Preparing for Import from Local Media
Procedure 9.1. Obtain the Channel Content ISOs
- Log into the web interface.
- Click Channels in the top navigation bar.
- Click on the Red Hat Satellite channel. Ensure you select the Satellite channel that corresponds to your version of Satellite.
- Click the Downloads tab and use the instructions on the page to obtain the Channel Content ISOs, available by version of Red Hat Enterprise Linux.
- If the desired Channel Content ISOs do not appear, ensure your Red Hat Entitlement Certificate has been uploaded to Red Hat Network and correctly identifies the target channels.
Procedure 9.2. Mount and copy Channel Content ISOs
- Log into the machine as root.
- Create a directory in
/mnt/
to store the file(s) with the command:# mkdir /mnt/import/
- Mount the ISO file using the following command:
# mount [iso_filename] /mnt/import -o loop
- Create a target directory for the files:
# mkdir /var/rhn-sat-import/
- This sample command assumes the administrator wants to copy the contents of the ISO (mounted in
/mnt/import/
) into/var/rhn-sat-import/
:# cp -ruv /mnt/import/* /var/rhn-sat-import/
- Then unmount
/mnt/import
in preparation for the next ISO:# umount /mnt/import
- Repeat these steps for the channel content ISO file of every channel that you need to import separately. Do not use combined full or incremental sources of channel content ISOs.
9.2.2. Import from Local Media
/var/rhn-sat-import
.
- List the channels available for import.
# satellite-sync --list-channels --mount-point /var/rhn-sat-import
- Initiate the import of a specific channel using a channel label presented in the previous list.
# satellite-sync -c [channel-label] --mount-point /var/rhn-sat-import
Note
Importing package data can take up to two hours per channel. Register systems to channels as soon as they appear in the Red Hat Satellite web interface. No packages are necessary for registration, although updates cannot be retrieved from the Satellite until the channel is completely populated. - Repeat this step for each channel or include them all within a single command by passing each channel label preceded with an additional
-c
flag, like so:# satellite-sync -c [channel-label-1] -c [channel-label-2] --mount-point /var/rhn-sat-import
# cd /var/rhn-sat-import/; ls -alR | grep rpm
/var/rhn-sat-import/
repository.
# rm -rf /var/rhn-sat-import
9.3. Synchronization via Export
rhn-satellite-exporter
) tool exports content listing in an XML format, which a user imports into another Red Hat Satellite. Export the content into a chosen directory with the -d
option, transport the directory to another Red Hat Satellite, and use the Red Hat Satellite Synchronization Tool to import the contents. This synchronizes the two Red Hat Satellites so they contain identical content.
- Channel Families
- Architectures
- Channel metadata
- Blacklists
- RPMs
- RPM metadata
- Errata
- Kickstarts
- A successful Red Hat Satellite installation.
- Sufficient disk space in the directory specified in the
-d
option. This directory will contain the exported contents.
9.3.1. Performing an Export
root
:
# rhn-satellite-exporter -d /var/rhn-sat-export --no-errata --channel [channel_name]
rsync
or scp -r
.
rhn-satellite-exporter
command.
Option | Description |
---|---|
-d DIRECTORY, --dir=DIRECTORY | Place the exported information into this directory. |
-c CHANNEL_LABEL , --channel=CHANNEL_LABEL | Process data for this specific channel (specified by label) only. NOTE: the channel's *label* is NOT the same as the channel's *name*. |
--list-channels | List all available channels and exit. |
--list-steps | List all of the steps that rhn-satellite-exporter takes while exporting data. These can be used as values for --step. |
-p --print-configuration | Print the configuration and exit. |
--print-report | Print a report to the terminal when the export is complete. |
--no-rpms | Do not retrieve actual RPMs. |
--no-packages | Do not export RPM metadata. |
--no-errata | Do not process errata information. |
--no-kickstarts | Do not process kickstart data (provisioning only). |
--debug-level=LEVEL_NUMBER | Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf , 0-6 (2 is default). |
--start-date=START_DATE | The start date limit that the last modified dates are compared against. Must be in the format YYYYMMDDHH24MISS (for example, 20071225123000 ) |
--end-date=END_DATE | The end date limit that the last modified dates are compared against. Must be typed in the format YYYYMMDDHH24MISS (for example, 20071231235900 ) |
--make-isos=MAKE_ISOS | Create a channel dump ISO directory called satellite-isos (for example, --make-isos=cd or dvd ) |
--email | Email a report of what was exported and what errors may have occurred. |
--traceback-mail=EMAIL | Alternative email address for --email. |
--db=DB | Include alternate database connect string: username/password@SID. |
--hard-links | Export the RPM and kickstart files with hard links to the original files. |
rhn-satellite-exporter
to export data depends on the number and size of the exported channels. The --no-packages
, --no-kickstarts
, --no-errata
, and --no-rpms
options reduce the amount of time required for rhn-satellite-exporter
to run, but also prevents export of potentially useful information. For that reason, only use these options when certain the content is not required and can be excluded. Additionally, use the matching options for satellite-sync
when importing the data. For example, if you use --no-kickstarts
with rhn-satellite-exporter
, specify the same --no-kickstarts
option when importing the data.
9.3.2. Moving Exported Data
Procedure 9.3. Moving Exporter Content
- Log into the machine as
root
. - Create a target directory for the files, such as:
# mkdir /var/rhn-sat-import/
- Make the export data available on the local machine in the directory created in the previous step. Either copy the data directly, or mount the data from another machine using NFS. Copy the data into the new directory with the following command:
# scp -r root@storage.example.com:/var/rhn-sat-export/* /var/rhn-sat-import
9.3.3. Performing an Import
/var/rhn-sat-import
.
- List the channels available for import with the command:
# satellite-sync --list-channels --mount-point /var/rhn-sat-import
- Initiate the import of a specific channel using a channel label presented in the previous list. Run the following command :
# satellite-sync -c [channel-label] --mount-point /var/rhn-sat-import
Note
Importing package data can take up to two hours per channel. Register systems to channels as soon as they appear in the Red Hat Satellite web interface. No packages are necessary for registration, although updates cannot be retrieved from the Satellite until the channel is completely populated.Repeat this step for each channel or include them all within a single command by passing each channel label preceded by an additional-c
flag:# satellite-sync -c channel-label-1 -c channel-label-2 -mount-point /var/rhn-sat-import
- The population of channels executes until completion. Verify all of the packages are moved out of the repository with the following command:
# cd /var/rhn-sat-import/; ls -alR | grep rpm
If all RPMs are installed and moved to their permanent locations, the count appears as zero. If so, remove the temporary/var/rhn-sat-import/
repository.# rm -rf /var/rhn-sat-import
9.4. Synchronization with Red Hat Network
satellite-sync
command also synchronizes a connected Red Hat Satellite with Red Hat Network over the Internet. This updates database metadata and RPM packages directly from the Red Hat Network servers.
Procedure 9.4. Synchronize with Red Hat Network
- List available channels on your connected Red Hat Satellite using the
--list-channels
command.# satellite-sync --list-channels
- Synchronize with a Red Hat Network channel using the
-c
option.# satellite-sync -c [channel-label]
satellite-sync
options, see Section 9.1, “Red Hat Satellite Synchronization Tool”.
Chapter 10. Synchronization between Multiple Satellites
Note
ISS Requirements
- Two or more Red Hat Satellite servers
- At least one Red Hat Satellite populated with at least one channel
- Satellite Administrator privileges on all Satellite systems intended for ISS
10.1. Inter-Satellite Synchronization
spacewalk-sync-setup
. Both methods are effective, and it would be left to the user's choice on which one to use.
10.1.1. Manual Configuration
Procedure 10.1. Configuring the Master Satellite Server
satellite-sync
operations use this information to assign custom channel ownership to the Slave Organization which is mapped to a specific Master Organization. It can also map the trust relationships between the exposed Master Organization to matching Slave Organizations, creating the equivalent relationships on the Slave.
- On the Web Interface:
- Log in as the Satellite Administrator.
- Click→ → .
- On the top right-hand corner, click.
- Fill in the following information:
- Slave Fully Qualified Domain Name (FQDN)
- Allow Slave to Sync? - Choosing this field will allow the Slave Satellite to access this Master Satellite. Otherwise, contact with this Slave will be denied.
- Sync all orgs to Slave? - Checking this field will synchronize all organizations to the Slave Satellite.
Note
Choosing the Sync All Orgs to Slave? option on the Master Setup page will override any specifically selected organizations in the Local Organization table below. - Click.
- (Optional) Click on any local organization to be exported to the Slave Satellite.
- Click.
Note
In Satellite 5.5 and previous versions, the Master Satellite used theiss_slaves
parameter in the/etc/rhn/rhn.conf
file to identify which slaves could contact the Master Satellite. Satellite 5.6 and later uses the information in the Master Setup page to determine this information.
- On the Command Line:
- Enable the inter-satellite synchronization (ISS) feature in the
/etc/rhn/rhn.conf
file:disable_iss=0
- Save the configuration file, and restart the
httpd
service:service httpd restart
Procedure 10.2. Configuring Slave Servers
- In order to securely transfer content to the slave servers, the
ORG-SSL
certificate from the master server is needed. The certificate can be downloaded over HTTP from the/pub/
directory of any satellite. The file is calledRHN-ORG-TRUSTED-SSL-CERT
, but can be renamed and placed anywhere in the local filesystem of the slave, such as the/usr/share/rhn/
directory. - Log in to the Slave Satellite as the Satellite Administrator.
- Click→ → .
- On the top right-hand corner, click.
- Fill in the following information:
- Master Fully-Qualified Domain Name
- Default Master?
- Filename of this Master's CA Certificate - Use the full path of the CA Certificate downloaded in the initial step of this procedure.
- Click.
Procedure 10.3. Performing an Inter-Satellite Synchronization
- Begin the synchronization by running the
satellite-sync
command:satellite-sync -c your-channel
Note
Command line options that are manually provided with thesatellite-sync
command will override any custom settings in the/etc/rhn/rhn.conf
file.
Procedure 10.4. Mapping the Master Satellite's Exported Organizations to the Slave Satellite's Organizations
After following the procedures preceding this one, the Master Satellite should show up in the Slave Satellite's Slave Setup under
→ → . If it does not, please re-check the steps above.- Log in as the Satellite Administrator.
- Click on→ → .
- Select a Master Satellite by clicking on it's name.
- Use the drop-down box to map the exported master organization name to a matching local organization in the Slave Satellite.
- Click.
- On the command line, issue the
satellite-sync
on each of the custom channels to obtain the correct trust structure and channel permissions:satellite-sync -c your-channel
10.1.2. Automated Configuration
spacewalk-sync-setup
allows users to specify a Master and Slave Satellite instance and uses configuration files to set up the information described in both the Master and Slave setup. It can create a set of default configuration files if requested. Essentially, it automates the previously setup and mapped configuration for Master-Slave relationships.
In order for automated configuration to succeed:
- The spacewalk-utils package needs to be installed on the system that will issue the command
spacewalk-sync-setup
. - Existing organizations with custom permissions on the Master Satellite must be present.
- Existing organizations within the Slave Satellite must be present.
Procedure 10.5. Configuring the Master Satellite Server
- Enable the inter-satellite synchronization (ISS) feature in the
/etc/rhn/rhn.conf
file:disable_iss=0
- Save the configuration file, and restart the
httpd
service:service httpd restart
Procedure 10.6. Configuring Slave Servers
- In order to securely transfer content to the slave servers, the
ORG-SSL
certificate from the master server is needed. The certificate can be downloaded over HTTP from the/pub/
directory of any satellite. The file is calledRHN-ORG-TRUSTED-SSL-CERT
, but can be renamed and placed anywhere in the local filesystem of the slave, such as the/usr/share/rhn/
directory. - Log in to the Slave Satellite as the Satellite Administrator.
- Click→ → .
- On the top right-hand corner, click.
- Fill in the following information:
- Master Fully-Qualified Domain Name
- Default Master?
- Filename of this Master's CA Certificate - Use the full path of the CA Certificate downloaded in the initial step of this procedure.
- Click.
Procedure 10.7. Mapping Master Satellite Organizations to Slave Satellite Organizations with spacewalk-sync-setup
- Log in to a system. It does not matter if it is a Master Satellite, a Slave Satellite or a different system altogether, as long as the system can access the public XMLRPC API of the Master and Slave Satellites.
- Issue the
spacewalk-sync-setup
on a command line interface:spacewalk-sync-setup --ms=[Master_FQDN] \ --ml=[Master_Sat_Admin_login] \ --mp=[Master_Sat_Admin_password] \ --ss=[Slave FQDN] --sl=[Slave_Sat_Admin_login] \ --sp=[Slave_Sat_Admin_password> \ --create-templates --apply
Where:- --ms=MASTER, --master-server=MASTER is the FQDN of the Master to connect to
- --ml=MASTER_LOGIN, --master-login=MASTER_LOGIN is the Satellite Administrator login for the Master Satellite
- --mp=MASTER_PASSWORD, --master-password=MASTER_PASSWORD is the password for the Satellite Administrator login on the Master Satellite
- --ss=SLAVE, --slave-server=SLAVE is the FQDN of the Slave Satellite to connect to.
- --sl=SLAVE_LOGIN, --slave-login=SLAVE_LOGIN is the Satellite Administrator login for the Slave Satellite
- --sp=SLAVE_PASSWORD, --slave-password=SLAVE_PASSWORD is the password for the Satellite Administrator login on the Slave Satellite
- --ct, --create-templates is the option that creates both a master and a slave setup file for the master/slave pair we've pointed at
- --apply tells the Satellite instances to make the changes specified by the setup files to the specified Satellite instances
Note
For more setup options:spacewalk-sync-setup --help
The output from this command will be as follows:INFO: Connecting to [admin@master-fqdn] INFO: Connecting to [admin@slave-fqdn] INFO: Generating master-setup file $HOME/.spacewalk-sync-setup/master.txt INFO: Generating slave-setup file $HOME/.spacewalk-sync-setup/slave.txt INFO: Applying master-setup $HOME/.spacewalk-sync-setup/master.txt INFO: Applying slave-setup $HOME/.spacewalk-sync-setup/slave.txt
- On the command line, issue the
satellite-sync
command on each of the custom channels to obtain the correct trust structure and channel permissions:satellite-sync -c your-channel
10.2. Organizational Synchronization
- If the source content belongs to the
NULL
organization (that is, it is Red Hat content) it will default to theNULL
organization even if a destination organization is specified. This ensures that specified content is always in the privilegedNULL
organization. - If an organization is specified at the command line, content will be imported from that organization.
- If no organization is specified, it will default to organization 1.
orgid
) are used to synchronize satellites:
Example 10.1. Import Content from Master to Slave Satellite
satellite-sync --parent-sat=master.satellite.example.com -c channel-name --orgid=2
Example 10.2. Import Content from an Exported Dump of an Organization
$ satellite-sync -m /dump -c channel-name --orgid=2
Example 10.3. Import Content from Red Hat Network Hosted
$ satellite-sync -c channel-name
10.3. Inter-Satellite Synchronization Use Cases
Example 10.4. Staging Satellite
Figure 10.1. Staging Satellite
Figure 10.2. Syncing from Red Hat Network Hosted and a Satellite Staging Server
- Run the
satellite-sync
command to synchronize data with rhn_parent (usually Red Hat Network Hosted):satellite-sync -c your-channel
- Run the following command to synchronize data from the staging server:
satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel
Example 10.5. Synchronized Slaves
Figure 10.3. Slave Satellites are maintained exactly as the master
Example 10.6. Slave Custom Content
Figure 10.4. Slave Satellites that retain their own custom content
Example 10.7. Bi-directional synchronization
satellite-sync
is run will pull the content from the other Satellite server and the synchronized data will depend on the options run with satellite-sync
. Without any options, the synchronization will attempt to update everything that was previously synchronized.
Figure 10.5. Bi-directional synchronization
Chapter 11. Upgrades
11.1. Upgrade Requirements
- An updated Red Hat Satellite certificate
- The Red Hat Satellite Upgrade Package (
rhn-upgrade
) - The installation media for the latest version of Red Hat Satellite
Procedure 11.1. Preparing for Red Hat Satellite Upgrade
Obtain Red Hat Satellite Certificate and installation media from the Red Hat Customer Portal
- Obtain a Red Hat Satellite 5 entitlement certificate from the Red Hat Customer Portal by following the instructions in Chapter 3, Entitlement Certificate.
- Save this certificate on your Red Hat Satellite server.
Obtain Red Hat Satellite Upgrade Package (
rhn-upgrade
)- Ensure the Satellite is registered to the Red Hat Satellite Channel.
- Install the
rhn-upgrade
package with the following command:# yum install rhn-upgrade
This package installs scripts and a comprehensive set of instructions for a Red Hat Satellite upgrade within the/etc/sysconfig/rhn/satellite-upgrade
directory.
Obtain Installation Media
- Obtain a Red Hat Satellite 5.7 ISO from the Red Hat Customer Portal at https://access.redhat.com/home under Downloads.
- Download this ISO to your Red Hat Satellite server.
Backup your Satellite 5 Server
- Backup your database. Use the following commands:
# db-control stop # db-control backup $BACKUP_DIR
Important
Due to an updated version of the PostgreSQL Embedded Database, the database location has changed from/var/lib/pgsql
in Red Hat Satellite 5.6 to/opt/rh/postgresql92/root/var/lib/pgsql
in Red Hat Satellite 5.7. Make sure to allocate enough hard disk space to this location. - Backup your RPM packages. The default location is
/var/satellite
unless you have changed this directory in your/etc/rhn/rhn.conf
configuration file. - Backup the
/etc/rhn/rhn.conf
configuration file, especially if you have made any modifications to it for authentication or changing default directory locations. The upgrade process overwrites this file with new settings. Retain the old version your old file so you can reference your Satellite 5 server settings.
11.2. Upgrading Red Hat Satellite to a New Version
Important
/etc/sysconfig/rhn/satellite-upgrade/README
file in the rhn-upgrade
package.
Important
/var/lib/pgsql
in Red Hat Satellite 5.6 to /opt/rh/postgresql92/root/var/lib/pgsql
in Red Hat Satellite 5.7. Make sure to allocate enough hard disk space to this location.
Procedure 11.2. Upgrade Red Hat Satellite
- Create a backup of your database:
# db-control stop # db-control backup $BACKUP_DIR
- Mount the ISO as specified in Section 4.1.2, “Mounting the Installation Media”
- Change your directory to the mounted ISO and run the installation program using the
--upgrade
and--disconnected
options.# cd /mount/cdrom # ./install.pl --upgrade --disconnected
Important
Use additional options if your Red Hat Satellite is a Managed Database or External Database. - Disable all Satellite services except for the database:
# /usr/sbin/rhn-satellite stop # db-control start
- Upgrade the database with
spacewalk-schema-upgrade
:# /usr/bin/spacewalk-schema-upgrade
- Verify the database upgrade. The following commands should output the same version:
# rhn-schema-version 5.7.0.11-1.el6sat # rpm -q --qf '%{version}-%{release}\n' satellite-schema 5.7.0.11-1.el6sat
- Activate the Red Hat Satellite. If using a connected Satellite:
# rhn-satellite-activate --rhn-cert [PATH-TO-NEW-CERT] --ignore-version-mismatch
If disconnected, run:# rhn-satellite-activate --rhn-cert [PATH-TO-NEW-CERT] --disconnected --ignore-version-mismatch
- Rebuild search indexes with the following command:
# service rhn-search cleanindex
This command cleans the search indexes for therhn-search
service and then restart it. - Enable Monitoring and Monitoring Scout. To enable Monitoring without enabling Monitoring Scout, run the following command:
# /usr/share/spacewalk/setup/upgrade/rhn-enable-monitoring.pl
To enable both Monitoring and Monitoring Scout, run the following command:# /usr/share/spacewalk/setup/upgrade/rhn-enable-monitoring.pl --enable-scout
- The upgrade process saves a backup of
rhn.conf
and other configuration files to/etc/sysconfig/rhn/backup-$DATE-$TIME
. Refer to the backup copy of therhn.conf
file and ensure any previous custom values are set in the new Red Hat Satellite's/etc/rhn/rhn.conf
file. For example:debug = 3 pam_auth_service = rhn-satellite
- Restart all Red Hat Satellite services:
# /usr/sbin/rhn-satellite restart
Note
11.3. Updating FIPS standards
- User passwords, previously encrypted with MD5 method, will be encrypted with SHA-256 algorithm
- Client certificates (
/etc/sysconfig/rhn/systemid
), which the registered systems use to authenticate with the parent server, are changed from MD5 to SHA-256 encryption
Procedure 11.3. Updating User Passwords
- Export a list of users with MD5-encrypted passwords:
# spacewalk-report users-md5 > users-md5.csv
- Change the password of each user using the following for loop:
# for i in $(cat users-md5.csv | awk -F, 'NR>1 { print $4 }'); do echo "Changing password for user $i"; satpasswd $i; echo; done
Alternatively, instruct all users on theusers-md5.csv
to log into Satellite's Web UI. Satellite will automatically change their passwords in the database to use SHA-256.
Procedure 11.4. Updating Client Certificates
- Export a list of client systems using certificates using MD5-encryption:
# spacewalk-report system-md5-certificates > system-md5-certificates.csv
- Use the
spacewalk-fips-tool
to schedule an update of systems in an organization. You need to repeat this process for each organization in your Satellite environment. First use the following commands for organization with ID 1:# ORG_ID=1 # for system in $(awk -F, "NR>1 { if (\$3 == $ORG_ID) print \$1 }" system-md5-certificates.csv); do systems="$systems $system"; done # spacewalk-fips-tool -i -u admin -d "2014-12-01 14:00:00" -o /tmp/scheduled-installations.csv $systems
This schedules the installation of packages requires for the certificate update on December 1, 2014 at 2pm.Next, Either runrhn_check -v
on each client or wait untilosad
picks up the event.Finally, use thespacewalk-fips-tool
again to schedule an update of certificates:# ORG_ID=1 # for system in $(awk -F, "NR>1 { if (\$3 == $ORG_ID) print \$1 }" system-md5-certificates.csv); do systems="$systems $system"; done # spacewalk-fips-tool -c -u admin -d "2014-12-01 14:00:00" -o /tmp/scheduled-installations.csv $systems
- Repeat this process for each organization ID.
Chapter 12. Migrating from RHN to RHSM
Warning
Warning
Procedure 12.1. Upgrading the Satellite 5 Database Schema
- On the Satellite 5 server, list packages for which updates are applicable.
# yum check-update
If there is an update pending for thesatellite-schema
package, complete the procedure detailed in How to upgrade the database schema of a Red Hat Satellite 5 server.
Procedure 12.2. Removing the Satellite 5 Subscription from Red Hat Network
- Open a web browser, log into the Red Hat Customer Portal, click Subscriptions, click Satellite in the list of Subscription Management Applications, then click on the Satellite tab.
- Find the desired Satellite instance in the list, and click on the host name.
Figure 12.1. Details of the Satellite 5 Subscription
- Click the check box beside the Red Hat Satellite subscription to be migrated, click , then click to confirm.
Warning
Remove only the Red Hat Satellite subscription. All other subscriptions must remain.The successful removal of the Red Hat Satellite subscription is confirmed by the message: The subscription(s) you selected have been removed. - In the Version drop-down list, select the version of Satellite 5 which you are currently running.
- Clickand save the certificate file locally.The Satellite 5 entitlement certificate, contained in the file downloaded, is required in Procedure 12.3, “ Migrating the Satellite 5 Registration ”.
Procedure 12.3. Migrating the Satellite 5 Registration
- Record the Red Hat Network username which was used to register the Red Hat Enterprise Linux instance. This username and its password is required by the migration script.
# grep -A1 name\>username /etc/sysconfig/rhn/systemid
In this example, the username isadmin@example.com
.<name>username</name> <value><string>admin@example.com</string></value>
- On the Satellite 5 server, ensure that all packages are current.
# yum update
- Confirm the version of the
spacewalk-backend
package is at version2.0.3-42
or higher.Note
If this is the Managed DB host, skip this step.# rpm -q spacewalk-backend spacewalk-backend-2.0.3-42.el6sat.noarch
Warning
If version 2.0.3-42 (or higher) ofspacewalk-backend
package is not available, or cannot be installed, do NOT proceed with the migration. Contact Red Hat Support for assistance. - Install the packages
subscription-manager
andsubscription-manager-migration
.Thesubscription-manager-migration
package contains the Satellite 5 subscription script.# yum install subscription-manager # yum install subscription-manager-migration
- Run the Satellite 5 Red Hat Network to Red Hat Subscription Manager migration script.
# rhn-migrate-classic-to-rhsm Legacy username: Red Hat Network username Legacy password: Red Hat Network password
TheLegacy username
andLegacy password
are the same credentials which were used to register the server to Red Hat Network. The username was obtained in the prior step.Example output fromrhn-migrate-classic-to-rhsm
.Retrieving existing legacy subscription information... +-----------------------------------------------------+ System is currently subscribed to these legacy channels: +-----------------------------------------------------+ rhel-x86_64-server-6 redhat-rhn-satellite-5.7-server-x86_64-6 +-----------------------------------------------------+ Installing product certificates for these legacy channels: +-----------------------------------------------------+ rhel-x86_64-server-6 redhat-rhn-satellite-5.7-server-x86_64-6 Product certificates installed successfully to /etc/pki/product. Preparing to unregister system from legacy server... System successfully unregistered from legacy server. Attempting to register system to destination server... Registering to: subscription.rhsm.redhat.com:443/subscription The system has been registered with ID: 284e025c-4a60-4084-b49c-4cb26fd7cf93 Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Subscribed Product Name: Red Hat Satellite Status: Subscribed System 'satellite.example.com' successfully registered.
The messageSystem 'satellite.example.com' successfully registered.
confirms that the Satellite 5 system's migration to Red Hat Subscription Manager has been successful. In this example, the Satellite 5 server has been given a Red Hat Subscription Management UUID of284e025c-4a60-4084-b49c-4cb26fd7cf93
. - Disable all repositories.
# subscription-manager repos --disable '*'
- Enable only the following repositories.For Red Hat Enterprise Linux 6
# subscription-manager repos --enable rhel-6-server-rpms # subscription-manager repos --enable rhel-6-server-satellite-5.7-rpms
For Red Hat Enterprise Linux 5# subscription-manager repos --enable rhel-5-server-rpms # subscription-manager repos --enable rhel-5-server-satellite-5.7-rpms
- Reactivate the Satellite 5 instance.
Note
If this is the Managed DB host, skip this step.Therhn-satellite-activate
command requires the certificate downloaded in Procedure 12.2, “ Removing the Satellite 5 Subscription from Red Hat Network ”. In this example, the certificate was saved in fileSatellite-57.cert
.# rhn-satellite-activate -vvv --rhn-cert=Satellite-57.cert RHN_PARENT: satellite.rhn.redhat.com
When the Satellite Server is reactivated, you may see the following error message. This is expected, and can be safely ignored, because thesystemid
file is the Red Hat Network system ID. The system ID file is deleted when the host's registration is migrated to Red Hat Subscription Manager.ERROR: Server not registered? No systemid: /etc/sysconfig/rhn/systemid
- If Satellite is installed on Red Hat Enterprise Linux 6, optionally remove the packages which were previously used to communicate with Red Hat Network.
Warning
Do not remove the packages if Satellite is installed on Red Hat Enterprise Linux 5. Removing these packages from Red Hat Enterprise Linux 5 will result in the failure of Satellite.# yum remove yum-rhn-plugin rhn-check rhn-setup rhnsd
Chapter 13. Maintenance
13.1. Managing Red Hat Satellite with rhn-satellite
rhn-satellite
) to stop, start, or retrieve status information from these various services. This tool accepts all of the standard service commands:
/usr/sbin/rhn-satellite start /usr/sbin/rhn-satellite stop /usr/sbin/rhn-satellite restart /usr/sbin/rhn-satellite reload /usr/sbin/rhn-satellite enable /usr/sbin/rhn-satellite disable /usr/sbin/rhn-satellite status
rhn-satellite
to control Red Hat Satellite's operation and retrieve status messages from all services at once.
13.2. Performing Critical Updates to the Server
Important
httpd
service upon installation. Conducting a full update of the Red Hat Satellite Server (such as with the command yum update
) might cause Apache to fail. To avoid this, make sure to restart the httpd
service after upgrading it.
13.2.1. Performing Critical Updates to an Online Server
yum
tool. All Satellite services, except for the database, are shut down during the update process.
Procedure 13.1. Perform Critical Updates to an Online Server
- Stop the Satellite services, except for the Satellite database.
# rhn-satellite stop --exclude postgresql
- Take a backup of the Satellite's database in a working state. Run the following command and replace the [FILENAME] option with the full path to the backup file that you want to create. This location needs to be writable by the PostgreSQL user:
# db-control online-backup FILENAME
- Apply the updates:
# yum update
Apply all Satellite updates. Updating the schema without updating the rest of the Satellite components can cause issues with the Satellite database. - Update the database schema using spacewalk-schema-upgrade command.
# spacewalk-schema-upgrade
This process will update your database schema to latest version. Thespacewalk-schema-upgrade
command will inform you with the results of the upgrade and the locations of schema upgrade log files. To double-check if the schema update completed successfully, run the following commands:# rpm -q satellite-schema # rhn-schema-version
If the output versions match, continue with the process. Otherwise restore the database withdb-control restore /path/to/backup
. - Restart Red Hat Satellite:
# rhn-satellite start --exclude postgresql
- Clear the search index:
# service rhn-search cleanindex
It is recommended to clean the search index. The above command triggers the creation of a new one, which in most cases completes within thirty minutes to an hour. You might experience issues with the search features of Satellite 5 if you do not clean the index.
13.2.2. Performing Critical Updates to an Offline Server
Warning
13.2.3. Updating a Satellite Server's Manifest
13.3. Changing the Red Hat Satellite Host Name
spacewalk-utils
package contains the spacewalk-hostname-rename
script.
spacewalk-hostname-rename
script, you must first ensure that you know your SSL CA passphrase by performing the following command:
# openssl rsa -in path/RHN-ORG-PRIVATE-SSL-KEY
spacewalk-hostname-rename
requires one mandatory argument, which is the IP address of the Red Hat Satellite server, regardless of whether the IP address will change along with the hostname or not.
spacewalk-hostname-rename
is as follows:
spacewalk-hostname-rename <ip address> [ --ssl-country=<country> --ssl-state=<state>\ --ssl-org=<organization/company> --ssl-orgunit=<department> --ssl-email=<email address> --ssl-ca-password=<password>]
spacewalk-hostname-rename
generates a new certificate.
spacewalk-hostname-rename
, see the following Red Hat Knowledgebase entry:
13.4. Conducting Red Hat Satellite-Specific Tasks
13.4.1. Deleting Users
- Click Users in the top navigation bar of the Red Hat Network website.
- Click the name of the user to be removed.
- Click the delete user link at the top-right corner of the page.
- A confirmation page appears explaining that this removal is permanent. To continue, clickat the bottom-right corner of the page.
Note
13.4.2. Configuring Red Hat Satellite Search
/usr/share/rhn/config-defaults/rhn_search.conf
file. The following list defines the search configuration and their default values in parentheses.
- search.index_work_dir
- Specifies where Lucene indexes are kept (
/usr/share/rhn/search/indexes
). - search.rpc_handlers
- Semi-colon separated list of classes to act as handlers for XMLRPC calls.
(filename>index:com.redhat.satellite.search.rpc.handlers.IndexHandler, db:com.redhat.satellite.search.rpc.handlers.DatabaseHandler, admin:com.redhat.satellite.search.rpc.handlers.AdminHandler)
- search.max_hits_returned
- Maximum number of results which will be returned for the query (
500
). - search.connection.driver_class
- JDBC driver class to conduct database searches (
oracle.jdbc.driver.OracleDriver
). - search.score_threshold
- Minimum score a result needs to be returned back as query result (
.10
). - search.system_score_threshold
- Minimum score a system search result needs to be returned back as a query result (
.01
). - search.errata_score_threshold
- Minimum score an errata search result needs to be returned back as a query result (
.20
). - search.errata.advisory_score_threshold
- Minimum score an errata advisory result needs to be returned back as a query result (
.30
). - search.min_ngram
- Minimum length of n-gram characters. Note that any change to this value requires
clean-index
to be run, and doc-indexes need to be modified and rebuilt (1
). - search.max_ngram
- Maximum length of n-gram characters. Note that any change to this value requires
clean-index
to be run, and doc-indexes need to be modified and rebuilt (5
). - search.doc.limit_results
- Type
true
to limit the number of results both on search.score_threshold and restrict max hits to be below search.max_hits_returned; typefalse
means to return all documentation search matches (false
). - search.schedule.interval
- Input the time in milliseconds to control the interval with which the SearchServer polls the database for changes; the default is 5 minutes (
300000
). - search.log.explain.results
- Used during development and debugging. If set to true, this will log additional information showing what influences the score of each result (
false
).
13.5. Automating Synchronization
root
:
crontab -e
Note
EDITOR
variable, like so: export EDITOR=gedit
. Choosing a graphical editor will require an enabled graphical interface.
0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null \ 2>/dev/null
stdout
and stderr
from cron
to prevent duplicating the more easily read messages from satellite-sync
. Use other options from Section 9.1, “Red Hat Satellite Synchronization Tool” if necessary.
13.6. Enabling Push to Clients
osa-dispatcher
) provides support for this feature.
jabberd
to the osad instances running on the clients.
Important
osa-dispatcher
package, which is contained in the Red Hat Satellite software channel for on the Customer Portal. Once installed, start the service on the Satellite as root
using the following command:
service osa-dispatcher start
osad
package on all client systems to receive pushed actions. Find this package within the Red Hat Network Tools child channel on the Red Hat Satellite.
Warning
osad
package on the Red Hat Satellite server. This package conflicts with the osa-dispatcher
package installed on the server.
root
using the command:
service osad start
osa-dispatcher
and osad
accept stop
, restart
, and status
commands, as well.
13.7. Maintaining the Database
# su postgres - bash-4.1$ psql -d rhnschema -c 'VACUUM;' bash-4.1$ exit
postgres
user to access the Satellite 5 database (rhnschema
) and perform a VACUUM
on the database tables. This reclaims storage that dead tuples occupy. Deleted or obsolete tuples are not usually physically removed from their table and remain present until performing a VACUUM
.
13.8. Migrating the Database
13.8.1. Migrating from an Embedded Database to a Managed Database
- The Red Hat Satellite installation ISO
- A complete installation of Red Hat Satellite server with an Embedded Database (
satellite.example.com
) - A new system to host the Managed Database with Red Hat Enterprise Linux 6 installed (
manageddb.example.com
)
Procedure 13.2. Migrating to a Managed Database
- Shut down the Red Hat Satellite instance:
[root@satellite ~]# rhn-satellite stop
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Use
db-control
to create a database backup[root@satellite ~]# mkdir ~/dbbackup [root@satellite ~]# db-control backup ~/dbbackup
- Copy the database backup from the Satellite server to the Managed Database server.
[root@satellite ~]# scp -r ~/dbbackup root@manageddb.example.com:~/.
- Install the Managed Database using the Red Hat Satellite installation ISO. For full instructions, see Section 4.2.6, “Installing the Managed Database”.
- After you have installed the Managed External Database, shut it down and back up the database configuration and access control files.
[root@manageddb ~]# db-control stop [root@manageddb ~]# cp /opt/rh/postgresql92/root/var/lib/pgsql/data/postgresql.conf ~/dbbackup [root@manageddb ~]# cp /opt/rh/postgresql92/root/var/lib/pgsql/data/pg_hba.conf ~/dbbackup
You need to backup these files because the migration process will erase them. - Use
db-control
to restore the database backup to the Managed Database server.[root@manageddb ~]# db-control restore ~/dbbackup
- Restore the database configuration and access control files from backup to the Managed Database.
[root@manageddb ~]# cp ~/dbbackup/postgresql.conf /opt/rh/postgresql92/root/var/lib/pgsql/data/postgresql.conf [root@manageddb ~]# cp ~/dbbackup/pg_hba.conf /opt/rh/postgresql92/root/var/lib/pgsql/data/pg_hba.conf
- On the Satellite server, edit the
/etc/rhn/rhn.conf
file and changedb_host
to the domain name of the Managed Database and set thedb_port
to 5432. For example:db_host = manageddb.example.com db_port = 5432
- Remove
postgresql92-postgresql
from the/etc/rhn/service-list
file on the Satellite server.[root@satellite ~]# sed -i 's/postgresql92-postgresql //g' /etc/rhn/service-list
- On the Managed Database, edit the
/etc/rhn/rhn.conf
file and changedb_name
,db_user
,db_password
to reflect the same values in/etc/rhn/rhn.conf
on the Satellite server. For example:db_name = mydb db_user = mydbuser db_password = mydbpassword
- Start the Managed Database instance using
db-control
.[root@manageddb ~]# db-control start
- Remove the
postgresql92-server
andspacewalk-dobby
packages from the Satellite server.[root@satellite ~]# yum remove postgresql92-server spacewalk-dobby
- Restart Red Hat Satellite.
[root@satellite ~]# rhn-satellite start
13.8.2. Migrating from an Embedded Database to an External PostgreSQL Database
- A complete installation of Red Hat Satellite server with an Embedded Database (
satellite.example.com
) - A system hosting a running instance of PostgreSQL (
postgresql.example.com
), See Section 4.3.1.1, “PostgreSQL Database Requirements” for configuration details.
Procedure 13.3. Migrating to an External PostgreSQL Database
- Shut down all services on the Red Hat Satellite server, but start the Embedded Database with
db-control
:[root@satellite ~]# rhn-satellite stop [root@satellite ~]# db-control start
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Update your database to the latest schema version:
[root@satellite ~]# yum update satellite-schema [root@satellite ~]# spacewalk-schema-upgrade
This ensures that your database version matches the latest version on the External PostgreSQL Database. - Create a directory to hold your database snapshot.
[root@satellite ~]# mkdir ~/dbbackup [root@satellite ~]# cd ~/dbbackup
- Export the database using
spacewalk-dump-schema
:[root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
- Stop the Embedded Database:
[root@satellite dbbackup]# db-control stop
- Use
spacewalk-setup
to populate the External PostgreSQL Database:[root@satellite dbbackup]# spacewalk-setup --db-only --external-postgresql
The script asks for your database details so Satellite can connect and populate the database. Enter your External PostgreSQL Database details:** Database: Setting up database connection for PostgreSQL backend. Hostname (leave empty for local)? postgresql.example.com Port [5432]? Database? myextdb Username? root Password?
The script populates the database. - When the script completes database population, restore the database schema
[root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
- Remove the
postgresql92-server
andspacewalk-dobby
packages from the Satellite server.[root@satellite ~]# yum remove postgresql92-server spacewalk-dobby
- Start Red Hat Satellite.
[root@satellite ~]# rhn-satellite start
13.8.3. Migrating from an Embedded Database to an External Oracle Database
- A complete installation of Red Hat Satellite server with an Embedded Database (
satellite.example.com
) - A system hosting a running instance of Oracle Database (
oracledb.example.com
). See Section 4.3.1, “External Database Requirements” for configuration details.
Procedure 13.4. Migrating to an External Oracle Database
- Shut down all services on the Red Hat Satellite server, but start the Embedded Database with
db-control
:[root@satellite ~]# rhn-satellite stop [root@satellite ~]# db-control start
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Update your database to the latest schema version:
[root@satellite ~]# yum update satellite-schema [root@satellite ~]# spacewalk-schema-upgrade
This ensures that your database version matches the latest version on the External Oracle Database. - Create a directory to hold your database snapshot.
[root@satellite ~]# mkdir ~/dbbackup [root@satellite ~]# cd ~/dbbackup
- Export the database using
spacewalk-dump-schema
:[root@satellite dbbackup]# spacewalk-dump-schema --to=oracle > migrate-to-oracle.sql
- Stop the Embedded Database:
[root@satellite dbbackup]# db-control stop
- Exchange the PostgreSQL drivers and configuration scripts with the Oracle drivers and configuration scripts on the Satellite server:
[root@satellite dbbackup]# yum remove -y spacewalk-postgresql [root@satellite dbbackup]# yum install -y spacewalk-oracle [root@satellite dbbackup]# yum remove -y spacewalk-java-postgresql spacewalk-backend-sql-postgresql
- Use
spacewalk-setup
to populate the External Oracle Database:[root@satellite dbbackup]# spacewalk-setup --db-only --external-oracle
The script asks for your database details so Satellite can connect and populate the database. Enter your External Oracle Database details:** Database: Setting up database connection for Oracle backend. Database service name (SID)? oracledb Database hostname [localhost]? oracledb.example.com Database (listener) port [1521]?
The script populates the database.Important
Use the default Oracle Database port (1521) for the Red Hat Satellite database. Using an alternative port can cause SELinux errors. - When the script completes database population, restore the database schema
[root@satellite dbbackup]# spacewalk-sql -i < migrate-to-oracle.sql
Important
You might need to change SELinux context of the migration script before loading it into Oracle Database:[root@satellite dbbackup]# semanage fcontext -a -t oracle_sqlplus_exec_t /root/dbbackup/migrate-to-oracle.sql [root@satellite dbbackup]# restorecon -v /root/dbbackup/migrate-to-oracle.sql
Similarly, you might need to change SELinux context of dumped tables:[root@satellite dbbackup]# semanage fcontext -a -t oracle_tmp_t "/tmp/dumped-tables(/.*)?" [root@satellite dbbackup]# restorecon -R -v /tmp/dumped-tables/
- Remove the
postgresql92-server
andspacewalk-dobby
packages from the Satellite server.[root@satellite ~]# yum remove postgresql92-server spacewalk-dobby
- Start Red Hat Satellite.
[root@satellite ~]# rhn-satellite start
13.8.4. Migrating from a Managed Database to an Embedded Database
- The Red Hat Satellite installation ISO
- A complete installation of Red Hat Satellite server (
satellite.example.com
) with a Managed Database on a seperate server (manageddb.example.com
)
Procedure 13.5. Migrating to an Embedded Database
- Stop the main services on the Satellite server.
[root@satellite ~]# rhn-satellite stop
- Shut down the database on the Managed Database server.
[root@manageddb ~]# db-control stop
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Use db-control to create a database backup on the Managed Database Server and copy that backup to the Satellite server.
[root@manageddb ~]# mkdir ~/dbbackup [root@manageddb ~]# db-control backup ~/dbbackup [root@manageddb ~]# scp -r ~/dbbackup root@satellite.example.com:~/.
The Managed Database server is now free for other purposes. All further actions take place on the Satellite server. - Mount the Red Hat Satellite installation ISO on the Satellite server and set and export the YUM0 variable with the Red Hat Satellite mount point value.
[root@satellite ~]# mkdir /media/cdrom [root@satellite ~]# mount -o loop Red_Hat_Satellite_57.iso /media/cdrom [root@satellite ~]# export YUM0=/media/cdrom
- Enable the
red-hat-satellite
repository. If thered-hat-satellite
repository definition is not present, install thesatellite-repo
package found in$YUM0/Satellite
. After thered-hat-satellite
repository is enabled, install the@satellite-database
package group and disable thered-hat-satellite
repository.[root@satellite ~]# yum install @satellite-database --enablerepo=red-hat-satellite
- Use
db-control
to restore the database backup.[root@satellite ~]# db-control restore ~/dbbackup
- Edit the
/etc/rhn/rhn.conf
file to remove the db_port and db_host values.[root@satellite ~]# sed -i 's/db_host\s*=.*/db_host = /' /etc/rhn/rhn.conf [root@satellite ~]# sed -i 's/db_port\s*=.*/db_port = /' /etc/rhn/rhn.conf
- Add the
postgresql92-postgresql
service to the/etc/rhn/service-list
file to ensure that it is started and stopped in parallel with Red Hat Satellite.[root@satellite ~]# echo "SERVICES=\"postgresql92-postgresql \$SERVICES\"" >> /etc/rhn/service-list
- Start the Red Hat Satellite services.
[root@satellite ~]# rhn-satellite start
13.8.5. Migrating from an External PostgreSQL Database to an Embedded Database
- A complete installation of Red Hat Satellite server (
satellite.example.com
) using an External PostgreSQL Database (postgresql.example.com
).
Procedure 13.6. Migrating to an Embedded Database from an External PostgreSQL Database
- Shut down all services on the Red Hat Satellite server:
[root@satellite ~]# rhn-satellite stop
- Make sure your External PostgreSQL Database is still running.
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Update the External PostgreSQL Database to the latest schema version:
[root@satellite ~]# yum update satellite-schema [root@satellite ~]# spacewalk-schema-upgrade
This ensures that your database version matches the latest version for the Embedded Database. - Create a directory to hold your database snapshot.
[root@satellite ~]# mkdir ~/dbbackup [root@satellite ~]# cd ~/dbbackup
- Export the database using
spacewalk-dump-schema
:[root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
- Stop the External Database. It is no longer required.
- Install the PostgreSQL installation and Satellite database tools packages on the Satellite server:
[root@satellite dbbackup]# yum install -y spacewalk-setup-postgresql spacewalk-dobby
- Use
spacewalk-setup
to populate the Embedded Database:[root@satellite dbbackup]# spacewalk-setup --db-only
The script populates the database. Wait until this process completes.** Database: Setting up database connection for PostgreSQL backend. ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log *** Progress: # ** Database: Installation complete. ** Database: Populating database. *** Progress: ####################################
- When the script completes database population, restore the database schema:
[root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
- Start Red Hat Satellite.
[root@satellite ~]# rhn-satellite start
13.8.6. Migrating from an External Oracle Database to an Embedded Database
- A complete installation of Red Hat Satellite server (
satellite.example.com
) using an External Oracle Database (oracledb.example.com
).
Procedure 13.7. Migrating to an Embedded Database from Oracle Database
- Shut down all services on the Red Hat Satellite server:
[root@satellite ~]# rhn-satellite stop
- Make sure your External Oracle Database is still running.
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Update the External Oracle Database to the latest schema version:
[root@satellite ~]# yum update satellite-schema [root@satellite ~]# spacewalk-schema-upgrade
This ensures that your database version matches the latest version for the Embedded Database. - Create a directory to hold your database snapshot.
[root@satellite ~]# mkdir ~/dbbackup [root@satellite ~]# cd ~/dbbackup
- Export the database using
spacewalk-dump-schema
:[root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
- Stop the External Oracle Database. It is no longer required.
- Exchange the Oracle drivers and configuration scripts with the PostgreSQL drivers and configuration scripts on the Satellite server:
[root@satellite dbbackup]# yum remove -y spacewalk-oracle [root@satellite dbbackup]# yum install -y spacewalk-postgresql spacewalk-setup-postgresql spacewalk-dobby [root@satellite dbbackup]# yum remove -y spacewalk-java-oracle spacewalk-backend-sql-oracle
- Use
spacewalk-setup
to populate the Embedded Database:[root@satellite dbbackup]# spacewalk-setup --db-only
The script populates the database. Wait until this process completes.** Database: Setting up database connection for PostgreSQL backend. ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log *** Progress: # ** Database: Installation complete. ** Database: Populating database. *** Progress: ####################################
- When the script completes database population, restore the database schema
[root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
- Start Red Hat Satellite.
[root@satellite ~]# rhn-satellite start
13.8.7. Migrating from an External Oracle Database to an External PostgreSQL Database
- A complete installation of Red Hat Satellite server (
satellite.example.com
) using an External Oracle Database (oracledb.example.com
). - A system hosting a running instance of PostgreSQL (
postgresql.example.com
), See Section 4.3.1.1, “PostgreSQL Database Requirements” for configuration details.
Procedure 13.8. Migrating to an External Database from Oracle Database
- Shut down all services on the Red Hat Satellite server:
[root@satellite ~]# rhn-satellite stop
- Make sure your External Oracle Database is still running.
- Remove the
rhn-upgrade
if it exists on your server:[root@satellite ~]# yum remove rhn-upgrade
- Update the External Oracle Database to the latest schema version:
[root@satellite ~]# yum update satellite-schema [root@satellite ~]# spacewalk-schema-upgrade
This ensures that your database version matches the latest version for the External Database. - Create a directory to hold your database snapshot.
[root@satellite ~]# mkdir ~/dbbackup [root@satellite ~]# cd ~/dbbackup
- Export the database using
spacewalk-dump-schema
:[root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
- Stop the External Oracle Database. It is no longer required.
- Exchange the Oracle drivers and configuration scripts with the PostgreSQL drivers and configuration scripts on the Satellite server:
[root@satellite dbbackup]# yum remove -y spacewalk-oracle [root@satellite dbbackup]# yum install -y spacewalk-postgresql [root@satellite dbbackup]# yum remove -y spacewalk-java-oracle spacewalk-backend-sql-oracle
- Use
spacewalk-setup
to populate the External Database:[root@satellite dbbackup]# spacewalk-setup --db-only --external-postgresql
The script asks for your database details so Satellite can connect and populate the database. Enter your External PostgreSQL Database details:** Database: Setting up database connection for PostgreSQL backend. Hostname (leave empty for local)? postgresql.example.com Port [5432]? Database? myextdb Username? root Password?
- When the script completes database population, restore the database schema
[root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
- Start Red Hat Satellite.
[root@satellite ~]# rhn-satellite start
Appendix A. Example Red Hat Satellite Installation Topologies
- The total number of client systems to be served by the Red Hat Satellite.
- The maximum number of clients expected to connect concurrently to the Red Hat Satellite.
- The number of custom packages and channels to be served by the Red Hat Satellite.
- The number of Red Hat Satellites being used in the customer environment.
- The number of Red Hat Proxy Servers being used in the customer environment.
A.1. Single Red Hat Satellite Topology
Figure A.1. Single Red Hat Satellite Topology
A.2. Multiple Red Hat Satellite Horizontally Tiered Topology
rhn-satellite-exporter
and satellite-sync -m
commands. Alternatively, the Inter-Satellite Sync 2 feature is designed for this purpose.
Figure A.2. Multiple Red Hat Satellite Horizontally Tiered Topology
A.3. Red Hat Satellite-to-Proxy Vertically Tiered Topology
Figure A.3. Red Hat Satellite-to-Proxy Vertically Tiered Topology
Appendix B. Sample Red Hat Satellite Configuration File
/etc/rhn/rhn.conf
configuration file for the Red Hat Satellite provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution.
#/etc/rhn/rhn.conf example for a Red Hat Satellite #------------------------------------------------- # Destination of all tracebacks, such as crash information, etc. traceback_mail = test@pobox.com, test@redhat.com mount_point = /var/satellite kickstart_mount_point = /var/satellite repomd_cache_mount_point = /var/cache server.satellite.rhn_parent = satellite.rhn.redhat.com # Use proxy FQDN, or FQDN:port server.satellite.http_proxy = server.satellite.http_proxy_username = server.satellite.http_proxy_password = server.satellite.ca_chain = /usr/share/rhn/RHNS-CA-CERT # Use these options if this server is intended to be a slave. # Name of parent for ISS. # # If left blank rhn_parent is taken by default. # # This option can be overriden on satellite-sync command line. iss_parent = iss_ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT # Use this option if this server is intended to be a master # Comma separated list of allowed iss slaves, like: # allowed_iss_slaves=slave1-satellite.redhat.com,slave2-satellite.redhat.com allowed_iss_slaves= # Completely disable ISS. # If set to 1, then no slave will be able to sync from this server # this option does not affect ability to sync to this server from # another spacewalk (or hosted). disable_iss=0 db_backend = postgresql db_user = rhnuser db_password = rhnpw db_name = rhnschema db_host = db_port = server.nls_lang = english.UTF8 hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect hibernate.connection.driver_class=org.postgresql.Driver hibernate.connection.driver_proto=jdbc:postgresql web.satellite = 1 web.satellite_install = web.session_swap_secret_1 = 9c3da20106d2968d838ee0e8a0431d25 web.session_swap_secret_2 = 9d6dcb05f90586c9aa0cba72328f9abb web.session_swap_secret_3 = 296ddef52ea5df4bc5ee666a238c0454 web.session_swap_secret_4 = 0863e7427021c045fe4c19dbd3db1900 session_secret_1 = 2ae50e0414ecc9d42e15fece90cce4b5 session_secret_2 = da2abb2f77c328f879d7b4f24a2d68fa session_secret_3 = 60531c88064d0d00edbfe683a1c962da session_secret_4 = 1af4c9e335d427761d17bb93d051df87 server.secret_key = d8e7f083a9c40bf76d09c38fb5d0e52b encrypted_passwords = 1 web.param_cleansers = RHN::Cleansers->cleanse web.base_acls = RHN::Access web.restrict_mail_domains = web.ssl_available = 1 web.is_monitoring_backend = 1 web.is_monitoring_scout = 1 # OSA configuration # server.jabber_server = sat570.example.com osa-dispatcher.jabber_server = sat570.example.com # set up SSL on the dispatcher osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT # Enable Solaris support web.enable_solaris_support = 0 # force removing entitlements from systems when modifying multiorg entitlements # below the current usage amount. web.force_unentitlement=0 # system snapshots enabled enable_snapshots = 1 #cobbler host name cobbler.host = sat570.example.com #option generated from rhn-config-satellite.pl web.subscribe_proxy_channel=1 #option generated from rhn-config-satellite.pl force_package_upload=1 #option generated from rhn-config-satellite.pl enable_nvrea=0 #option generated from rhn-config-satellite.pl web.default_mail_from=RHN Satellite dev-null@localhost #option generated from rhn-config-satellite.pl web.l10n_resourcebundles=com.redhat.rhn.frontend.strings.jsp.StringPackage,com.redhat.rhn.frontend.strings.java.StringPackage,com.redhat.rhn.frontend.strings.database.StringPackage,com.redhat.rhn.frontend.strings.nav.StringPackage,com.redhat.rhn.frontend.strings.template.StringPackage,com.redhat.rhn.branding.strings.StringPackage #option generated from rhn-config-satellite.pl product_name=RHN Satellite #option generated from rhn-config-satellite.pl web.version=5.7.0 #option generated from rhn-config-satellite.pl disconnected=1
Appendix C. Revision History
Revision History | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Revision 4-62 | Tue Sep 19 2017 | |||||||||||||||
| ||||||||||||||||
Revision 4-61 | Thu Aug 22 2017 | |||||||||||||||
| ||||||||||||||||
Revision 4-60 | Sat Jul 22 2017 | |||||||||||||||
| ||||||||||||||||
Revision 4-59 | Tue Jul 18 2017 | |||||||||||||||
| ||||||||||||||||
Revision 4-58 | Thu Mar 3 2016 | |||||||||||||||
| ||||||||||||||||
Revision 4-57 | Thu Sep 24 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-56 | Tue Sep 15 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-55 | Wed Sep 9 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-54 | Thu Aug 20 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-53 | Mon Aug 17 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-52 | Mon Aug 17 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-51 | Tue Aug 11 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-50 | Wed May 27 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-49 | Thu Apr 9 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-48 | Thu Mar 12 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-47 | Thu Mar 12 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-46 | Thu Mar 5 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-45 | Wed Mar 4 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-44 | Tue Mar 3 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-43 | Fri Feb 20 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-42 | Tue Feb 17 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-41 | Tue Feb 3 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-40 | Thu Jan 15 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-39 | Thu Jan 15 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-38 | Mon Jan 12 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-37 | Wed Jan 7 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-36 | Thu Jan 1 2015 | |||||||||||||||
| ||||||||||||||||
Revision 4-35 | Mon Dec 8 2014 | |||||||||||||||
| ||||||||||||||||
Revision 4-34 | Fri Nov 21 2014 | |||||||||||||||
| ||||||||||||||||
Revision 4-33 | Mon Nov 17 2014 | |||||||||||||||
| ||||||||||||||||
Revision 4-32 | Fri Oct 17 2014 | |||||||||||||||
| ||||||||||||||||
Revision 4-31 | Fri Sep 27 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-30 | Wed Sep 18 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-29 | Tue Sep 17 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-28 | Mon Sep 16 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-27 | Thu Sep 12 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-26 | Thu Sep 12 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-25 | Thu Sep 12 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-24 | Wed Sep 11 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-23 | Tue Sep 10 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-22 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-21 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-20 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-19 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-18 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-17 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-16 | Mon Sep 9 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-15 | Sun Sep 8 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-14 | Sun Sep 8 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-13 | Fri Sep 6 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-12 | Thu Aug 29 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-11 | Tue Aug 27 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-10 | Wed Aug 21 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-9 | Tue Aug 20 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-8 | Sun Jul 28 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-7 | Sun Jul 28 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-6 | Sun Jul 28 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-5 | Wed Jul 24 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-4 | Tue Jul 23 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-3 | Fri Jul 19 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-2 | Fri Jul 12 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-1 | Thu Jul 11 2013 | |||||||||||||||
| ||||||||||||||||
Revision 4-0 | Fri Jul 5 2013 | |||||||||||||||
| ||||||||||||||||
Revision 3-19 | Wed Jan 2 2013 | |||||||||||||||
| ||||||||||||||||
Revision 3-18 | Thu Sep 27 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-17 | Wed Sep 19 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-16 | Wed Aug 22 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-15 | Wed Aug 22 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-14 | Tue Aug 21 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-13 | Tue Aug 21 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-12 | Tue Aug 21 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-11 | Tue Aug 21 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-10 | Tue Aug 21 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-9 | Tue Aug 21 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-8 | Mon Aug 20 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-7 | Mon Aug 20 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-6 | Mon Aug 13 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-5 | Mon Aug 13 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-4 | Mon Aug 06 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-2 | Mon Aug 06 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-1 | Wed Jul 11 2012 | |||||||||||||||
| ||||||||||||||||
Revision 3-0 | Tue May 22 2012 | |||||||||||||||
| ||||||||||||||||
Revision 2-8 | Wed Jan 4 2012 | |||||||||||||||
| ||||||||||||||||
Revision 2-7 | Wed Jan 4 2012 | |||||||||||||||
| ||||||||||||||||
Revision 2-6 | Wed Oct 26 2011 | |||||||||||||||
| ||||||||||||||||
Revision 2-5 | Mon Aug 15 2011 | |||||||||||||||
| ||||||||||||||||
Revision 2-4 | Wed Jul 6 2011 | |||||||||||||||
| ||||||||||||||||
Revision 2-3 | Wed Jun 22 2011 | |||||||||||||||
| ||||||||||||||||
Revision 2-2 | Wed Jun 15 2011 | |||||||||||||||
| ||||||||||||||||
Revision 2-1 | Fri May 27 2011 | |||||||||||||||
| ||||||||||||||||
Revision 2-0 | Fri May 6 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-36 | Tue May 3 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-35 | Wed April 27 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-34 | Wed April 13 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-33 | Tue Feb 8 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-32 | Mon Feb 7 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-31 | Mon Feb 7 2011 | |||||||||||||||
| ||||||||||||||||
Revision 1-30 | Mon Jan 31 2011 | |||||||||||||||
|