-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat Satellite
2.4. Additional Requirements
The following additional requirements must be met before the RHN Proxy Server installation can be considered complete:
- Full Access
- Client systems need full network access to the RHN Proxy Server services and ports.
- Firewall Rules
- RHN strongly recommends firewalling the RHN Proxy Server solution from the Internet. However, various TCP ports must be opened on the Proxy, depending on your implementation of RHN Proxy Server:
Table 2.1. Ports to open on the Proxy
Port Direction Reason 80 Outbound Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and your Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server). 80 Inbound Client requests come in via either http or https 443 Inbound Client requests come in via either http or https 443 Outbound Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and your Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server). 4545 Outbound If your Proxy is connected to an RHN Satellite Server, Monitoring makes connections to rhnmd
running on client systems via this TCP port, if Monitoring is enabled and probes configured to registered systems.5222 Inbound Opening this port allows osad
client connections to thejabberd
daemon on the Proxy when using RHN Push technology.5269 Outbound If your Proxy is connected an RHN Satellite Server, this port must be open to allows server-to-server connections via jabberd
for RHN Push Technology. - Synchronized System Times
- There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are reasonably close together so the that SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
- Fully Qualified Domain Name (FQDN)
- The system upon which the RHN Proxy Server will be installed must resolve its own FQDN properly.
- A Red Hat Network Account
- Customers who will be connecting to the central Red Hat Network Servers to receive incremental updates must have a Red Hat Network account. The sales representative assists with the setup of this account at the time of purchase.
- Backups of Login Information
- It is imperative that customers keep track of all primary login information. For RHN Proxy Server, this includes usernames and passwords for the Organization Administrator account and SSL certificate generation. Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
- Distribution Locations
- Since the Proxy forwards virtually all local HTTP requests to the central RHN Servers, you must take care to put files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Proxy:
/var/www/html/pub/
. Files placed in this directory can be downloaded directly from the Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstarts.
In addition, Red Hat recommends that the system running the code not be publicly available. No users but the system administrators should have shell access to these machines. All unnecessary services should be disabled. You can use
ntsysv
or chkconfig
to disable services.
Finally, you should have the following technical documents in hand for use in roughly this order:
- The RHN Proxy Server Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Proxy Server up and running.
- The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
- The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
- The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.