4.2. RHN Proxy Server Installation Process

The following instructions describe the RHN Proxy Server installation process:
  1. Register the newly-installed Red Hat Enterprise Linux system with Red Hat Network (either the central RHN Servers or your RHN Satellite Server) using the organizational account containing the RHN Proxy Server entitlement with the command: rhn_register.
  2. To perform an installation, type the following command:
    configure-proxy.sh
    
    
    The command-line installation program leads users through a series of prompts regarding RHN Proxy Server installation and initial configuration details such as installation options and SSL certificate generation. The following instructions describe the installation process:

    Note

    If you press Enter at a prompt instead of typing in an entry, the RHN Proxy Server command-line installation program uses the default response enclosed in brackets.
    Alternatively, if you want to use default answers without any user interaction, use the --non-interactive option, which will use all default responses.
  3. The first series of prompts are site-specific details about the installation.
    Proxy version to activate [5.3]:
    
    
    The Proxy version prompts you to confirm the version of RHN Proxy Server you wish to install.
    RHN Parent [satserver.example.com]:
    
    
    The RHN Parent is the domain name or address of the system that serves the Proxy, which could be the RHN Hosted servers (xmlrpc.rhn.redhat.com), or an RHN Satellite Server server.
    Traceback email []:
    
    
    The Traceback email is the email address to which error-related traceback messages are mailed, usually the email of the Proxy administrator. Use commas to separate more than one email address at this prompt.
  4. The next series of prompts are related to configuring the details for generating an SSL certificate, which is recommended to secure traffic to and from the RHN Proxy Server.
    Use SSL [Y/n]: y
    
    
    In the Use SSL prompt, type y to configure the RHN Proxy Server to support SSL.
    CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]:
    
    
    In the CA Chain prompt, press Enter to use the default path for the Certificate Authority (CA) Chain, which if the RHN Proxy is communicating with an RHN Satellite then this value is usually /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT. If it is communicating with RHN Hosted, it is usually the /usr/share/rhn/RHNS-CA-CERT file.
    HTTP Proxy []:
    
    
    If the RHN Proxy Server connects through an HTTP proxy, enter the proxy hostname and port number, such as corporate.proxy.example.com:3128
    Regardless of whether you enabled SSL for the connection to the Proxy Parent
    Server, you will be prompted to generate an SSL certificate.
    This SSL certificate will allow client systems to connect to this Spacewalk Proxy
    securely. Refer to the Spacewalk Proxy Installation Guide for more information.
    Organization: Example Company
    Organization Unit [proxy1.example.com]:
    Common Name: proxy1.example.com
    City: New York
    State: New York
    Country code: US
    Email [admin@example.com]:
    
    
    Enter the required details necessary to generate a proper SSL server certificate, including the Organzation name, the Organization Unit (such as Engineering), the Common Name (the domain name), as well as the details for City, State and Country. Finally, enter the email address for the administrator or technical contact in charge of SSL certificates.
  5. The command-line installation program prompts you to install monitoring support to RHN Proxy Server, allows you to create and populate a configuration channel for future RHN Proxy Server installations, finalizes SSL configuration, and restarts any service daemons that had modified configurations as a result of running the RHN Proxy Server installation program.
    You do not have monitoring installed. Do you want to install it?
    Will run 'yum install spacewalk-proxy-monitoring'.  [Y/n]:n
    
    
    Confirm whether or not you want to install Monitoring support on the Proxy server.
    Generating CA key and public certificate:
    CA password: 
    CA password confirmation: 
    Copying CA public certificate to /var/www/html/pub for distribution to clients:
    Generating SSL key and public certificate:
    CA password: 
    Backup made: 'rhn-ca-openssl.cnf' --> 'rhn-ca-openssl.cnf.1'
    Rotated: rhn-ca-openssl.cnf --> rhn-ca-openssl.cnf.1
    Installing SSL certificate for Apache and Jabberd:
    Preparing packages for installation...
    rhn-org-httpd-ssl-key-pair-proxy1.example-1.0-1
    
    
    The configure-proxy.sh program then configures SSL, prompting you to create a Certificate Authority password and confirm it before generating the SSL keys and the public certificate.
    Create and populate configuration channel rhn_proxy_config_1000010000? [Y]:
    Using server name satserver.example.com
    Red Hat Network username: admin
    Password:
    Creating config channel rhn_proxy_config_1000010000
    Config channel rhn_proxy_config_1000010000 created
    using server name satserver.example.com
    Pushing to channel rhn_proxy_config_1000010000:
    Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf
    Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf
    Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini
    Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf
    Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf
    Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/rhn_proxy.conf
    Local file /etc/httpd/conf.d/rhn_broker.conf -> remote file /etc/httpd/conf.d/rhn_broker.conf
    Local file /etc/httpd/conf.d/rhn_redirect.conf -> remote file /etc/httpd/conf.d/rhn_redirect.conf
    Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml
    Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml
    
    
    The installer then asks whether or not you wish to create a configuration channel based on the configuration files created while running configure-proxy.sh. The installer will then create a RHN Satellite Server configuration channel based on the name of the client system upon which RHN Proxy Server is installed (in the example above the sysID is 1000010000), and collects the various httpd, SSL, squid, and jabberd server files that will comprise the configuration channel for the Proxy server.
  6. Finally, the installer starts and restarts all RHN Proxy Server related services and exits when completed.
    Enabling Satellite Proxy
    Shutting down rhn-proxy...
    Shutting down Jabber router:                               [  OK  ]
    Stopping httpd:                                            [  OK  ]
    Stopping squid:                                            [  OK  ]
    Done.
    Starting rhn-proxy...
    init_cache_dir /var/spool/squid... Starting squid: .       [  OK  ]
    Starting httpd:                                            [  OK  ]
    Starting Jabber services                                   [  OK  ]
    Done.
    
    

4.2.1. The Answer File

If you want to automate some of the process of installing RHN Proxy Server on your systems, the configure-proxy.sh program allows administrators to create answer files that contain pre-filled responses to prompts in the installation program.
The following is an example answer file that contains pre-filled answers related to version number, the RHN Satellite Server server that serves as the parent server, SSL, and other configuration parameters. For more information about creating and using answer files, refer to the configure-proxy.sh manual page by typing man configure-proxy.sh at a shell prompt.
# example of answer file for configure-proxy.sh
# for full list of possible option see
# man configure-proxy.sh

VERSION=5.2
RHN_PARENT=rhn-satellite.example.com
TRACEBACK_EMAIL=jsmith@example.com
USE_SSL=1
SSL_ORG="Red Hat"
SSL_ORGUNIT="Spacewalk"
SSL_CITY=Raleigh
SSL_STATE=NC
SSL_COUNTRY=US
INSTALL_MONITORING=N
ENABLE_SCOUT=N
CA_CHAIN=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
POPULATE_CONFIG_CHANNEL=Y

To use an answer file (called answers.txt for example) with configure-proxy.sh, type the following:
configure-proxy.sh --answer-file=answers.txt