4.2. RHN Proxy Server Installation Process
- Register the newly-installed Red Hat Enterprise Linux system with Red Hat Network (either the central RHN Servers or your RHN Satellite Server) using the organizational account containing the RHN Proxy Server entitlement with the command:
- To perform an installation, type the following command:
configure-proxy.shThe command-line installation program leads users through a series of prompts regarding RHN Proxy Server installation and initial configuration details such as installation options and SSL certificate generation. The following instructions describe the installation process:
NoteIf you press Enter at a prompt instead of typing in an entry, the RHN Proxy Server command-line installation program uses the default response enclosed in brackets.Alternatively, if you want to use default answers without any user interaction, use the
--non-interactiveoption, which will use all default responses.
- The first series of prompts are site-specific details about the installation.
Proxy version to activate [5.3]:The Proxy version prompts you to confirm the version of RHN Proxy Server you wish to install.
RHN Parent [satserver.example.com]:The RHN Parent is the domain name or address of the system that serves the Proxy, which could be the RHN Hosted servers (xmlrpc.rhn.redhat.com), or an RHN Satellite Server server.
Traceback email :The Traceback email is the email address to which error-related traceback messages are mailed, usually the email of the Proxy administrator. Use commas to separate more than one email address at this prompt.
- The next series of prompts are related to configuring the details for generating an SSL certificate, which is recommended to secure traffic to and from the RHN Proxy Server.
Use SSL [Y/n]: yIn the Use SSL prompt, type
yto configure the RHN Proxy Server to support SSL.
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]:In the CA Chain prompt, press Enter to use the default path for the Certificate Authority (CA) Chain, which if the RHN Proxy is communicating with an RHN Satellite then this value is usually
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT. If it is communicating with RHN Hosted, it is usually the
HTTP Proxy :If the RHN Proxy Server connects through an HTTP proxy, enter the proxy hostname and port number, such as
Regardless of whether you enabled SSL for the connection to the Proxy Parent Server, you will be prompted to generate an SSL certificate. This SSL certificate will allow client systems to connect to this Spacewalk Proxy securely. Refer to the Spacewalk Proxy Installation Guide for more information. Organization: Example Company Organization Unit [proxy1.example.com]: Common Name: proxy1.example.com City: New York State: New York Country code: US Email [email@example.com]:Enter the required details necessary to generate a proper SSL server certificate, including the Organzation name, the Organization Unit (such as
Engineering), the Common Name (the domain name), as well as the details for City, State and Country. Finally, enter the email address for the administrator or technical contact in charge of SSL certificates.
- The command-line installation program prompts you to install monitoring support to RHN Proxy Server, allows you to create and populate a configuration channel for future RHN Proxy Server installations, finalizes SSL configuration, and restarts any service daemons that had modified configurations as a result of running the RHN Proxy Server installation program.
You do not have monitoring installed. Do you want to install it? Will run 'yum install spacewalk-proxy-monitoring'. [Y/n]:nConfirm whether or not you want to install Monitoring support on the Proxy server.
Generating CA key and public certificate: CA password: CA password confirmation: Copying CA public certificate to /var/www/html/pub for distribution to clients: Generating SSL key and public certificate: CA password: Backup made: 'rhn-ca-openssl.cnf' --> 'rhn-ca-openssl.cnf.1' Rotated: rhn-ca-openssl.cnf --> rhn-ca-openssl.cnf.1 Installing SSL certificate for Apache and Jabberd: Preparing packages for installation... rhn-org-httpd-ssl-key-pair-proxy1.example-1.0-1The
configure-proxy.shprogram then configures SSL, prompting you to create a Certificate Authority password and confirm it before generating the SSL keys and the public certificate.
Create and populate configuration channel rhn_proxy_config_1000010000? [Y]: Using server name satserver.example.com Red Hat Network username: admin Password: Creating config channel rhn_proxy_config_1000010000 Config channel rhn_proxy_config_1000010000 created using server name satserver.example.com Pushing to channel rhn_proxy_config_1000010000: Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/rhn_proxy.conf Local file /etc/httpd/conf.d/rhn_broker.conf -> remote file /etc/httpd/conf.d/rhn_broker.conf Local file /etc/httpd/conf.d/rhn_redirect.conf -> remote file /etc/httpd/conf.d/rhn_redirect.conf Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xmlThe installer then asks whether or not you wish to create a configuration channel based on the configuration files created while running
configure-proxy.sh. The installer will then create a RHN Satellite Server configuration channel based on the name of the client system upon which RHN Proxy Server is installed (in the example above the sysID is 1000010000), and collects the various
jabberdserver files that will comprise the configuration channel for the Proxy server.
- Finally, the installer starts and restarts all RHN Proxy Server related services and exits when completed.
Enabling Satellite Proxy Shutting down rhn-proxy... Shutting down Jabber router: [ OK ] Stopping httpd: [ OK ] Stopping squid: [ OK ] Done. Starting rhn-proxy... init_cache_dir /var/spool/squid... Starting squid: . [ OK ] Starting httpd: [ OK ] Starting Jabber services [ OK ] Done.
4.2.1. The Answer File
configure-proxy.shprogram allows administrators to create answer files that contain pre-filled responses to prompts in the installation program.
configure-proxy.shmanual page by typing
man configure-proxy.shat a shell prompt.
# example of answer file for configure-proxy.sh # for full list of possible option see # man configure-proxy.sh VERSION=5.2 RHN_PARENT=rhn-satellite.example.com TRACEBACK_EMAILfirstname.lastname@example.org USE_SSL=1 SSL_ORG="Red Hat" SSL_ORGUNIT="Spacewalk" SSL_CITY=Raleigh SSL_STATE=NC SSL_COUNTRY=US INSTALL_MONITORING=N ENABLE_SCOUT=N CA_CHAIN=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT POPULATE_CONFIG_CHANNEL=Y
answers.txtfor example) with
configure-proxy.sh, type the following: