Not every customer must connect securely to a RHN Satellite Server or RHN Proxy Server within their organization. Not every customer needs to build and deploy a GPG key for custom packages. (Both of these topics are explained in detail later.) Every customer who uses RHN Satellite Server or RHN Proxy Server must reconfigure the Red Hat Update Agent (up2date) and possibly the Red Hat Network Registration Client (rhn_register) to redirect it from Red Hat Network to their RHN Satellite Server or RHN Proxy Server.
Although this is not configurable, note that the port used by the Red Hat Update Agent is 443 for SSL (HTTPS) and 80 for non-SSL (HTTP). By default, up2date uses SSL only. For this reason, users should ensure that their firewalls allow connections over port 443. To bypass SSL, change the protocol for /etc/sysconfig/rhn/up2date. Similarly, to use RHN's Monitoring feature and probes requiring the Red Hat Network Monitoring Daemon, note that client systems must allow connections on port 4545 (or port 22, if using
By default, the Red Hat Network Registration Client and the Red Hat Update Agent refer to the main Red Hat Network Servers. Users must reconfigure client systems to refer to their RHN Satellite Server or RHN Proxy Server.
Note that the latest versions of the Red Hat Update Agent can be configured to accommodate several RHN Servers, thereby providing failover protection in case the primary server is inaccessible. Refer to Section 2.2.4, “Implementing Server Failover” for instructions on enabling this feature.
The next sections describe three methods of configuring the client systems to access your RHN Satellite Server or RHN Proxy Server: using an Activation Key, , and manually updating the configuration files. (To see how virtually all reconfiguration can be scripted, see Chapter 6, Manually Scripting the Configuration.)
2.2.1. Registering with Activation Keys
Red Hat recommends using activation keys for registering and configuring client systems that access RHN Proxy Server or RHN Satellite Server. Activation keys can be used to register, entitle, and subscribe systems in a batch. Refer to the Activation Keys section of the Red Hat Update Agent chapter within the RHN Management Reference Guide for instructions on use.
Registering with an activation key has four basic steps:
1. Generate an Activation Key as described in the Activation Keys section of the Red Hat Update Agent chapter within the RHN Management Reference Guide.
2. Import custom GPG keys.
3. Download and install the SSL Certificate RPM from the /pub/ directory of the RHN Proxy Server or RHN Satellite Server. The command for this step could look something like this:
    rpm -Uvh http://your-satellite.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
4. Register the system with your RHN Proxy Server or RHN Satellite Server. The command for this step could look something like:
    rhnreg_ks --activationkey mykey --serverUrl https://your-satellite.com/XMLRPC
Alternatively, most of the above steps can be combined in a shell script that includes the following lines:
    wget -O - http://your-satellite-FQDN/pub/bootstrap.sh | bash \
    && rhnreg_ks --activationkey my_key --serverUrl \
    https://your-satellite-FQDN/XMLRPC
The bootstrap script, generated at installation and available for both RHN Satellite Server and RHN Proxy Server, is such a script. The script and the RHN Bootstrap that generates it are discussed in detail in Chapter 5, Using RHN Bootstrap.
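The certificate RPM in step 3 is fetched over plain HTTP, so nothing in the transfer itself vouches for the file that is about to define which server the client trusts. The following added example (not part of the original guide and not Red Hat's bootstrap script) installs the RPM and registers only if its SHA-256 digest matches a value obtained out of band; the host name, activation key, the EXPECTED_SHA256 variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide or Red Hat's bootstrap script.
# Assumed placeholders: SATELLITE, ACTIVATION_KEY, EXPECTED_SHA256.
SATELLITE="your-satellite.com"
CERT_RPM="rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm"
ACTIVATION_KEY="mykey"
# Digest of the certificate RPM, obtained out of band from the server's admin.
EXPECTED_SHA256="${EXPECTED_SHA256:-}"

# verify_sha256 FILE EXPECTED_HEX
# 0 = digest matches, 1 = mismatch, 2 = missing file or malformed digest.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;   # empty or non-hex: never treat as a match
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Steps 3 and 4: fetch the certificate RPM, install it only if the digest
# matches, then register over HTTPS with the activation key.
register_client() {
    tmp=$(mktemp -d) || return 1
    rc=1
    if wget -q -O "$tmp/$CERT_RPM" "http://$SATELLITE/pub/$CERT_RPM" &&
       verify_sha256 "$tmp/$CERT_RPM" "$EXPECTED_SHA256"; then
        rpm -Uvh "$tmp/$CERT_RPM" &&
        rhnreg_ks --activationkey "$ACTIVATION_KEY" \
                  --serverUrl "https://$SATELLITE/XMLRPC"
        rc=$?
    else
        echo "certificate RPM missing or digest mismatch; nothing installed" >&2
    fi
    rm -rf "$tmp"
    return $rc
}

# Nothing touches the network unless the script is run with --register.
if [ "${1:-}" = "--register" ]; then
    register_client
fi
```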
Systems running Red Hat Enterprise Linux 2.1 and versions of Red Hat Linux prior to 8.0 may experience problems using Activation Keys to migrate SSL certificate settings from up2date. Therefore, the SSL certificate information on those systems must be set manually. All other settings, such as the server URL, transfer properly.