1. After an evaluation, you contact your Red Hat sales representative to purchase RHN Satellite.
2. Your Red Hat contact sends you an RHN Entitlement Certificate via email.
3. Your Red Hat contact creates a Satellite-entitled account on the RHN website and sends you the login information.
4. Log into the RHN website (rhn.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux 5 or 6 and RHN Satellite. These can be found within the Downloads tab of the respective Channel Details pages. Refer to the RHN Reference Guide for instructions.
5. While still logged into the RHN website, download the Channel Content ISOs to be served by your Satellite, also available through the Downloads tab of your Satellite's Channel Details page. These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Satellite.
6. If installing a Stand-Alone Database, prepare your database instance using the formula provided in Chapter 2, Requirements.
7. Install Red Hat Enterprise Linux and then RHN Satellite on the Satellite machine.
8. Create the first user account on the Satellite by opening the Satellite's hostname in a Web browser and clicking Create Account. This will be the Satellite Administrator's (also referred to as the Organization Administrator) account.
9. Use the RHN Satellite Synchronization Tool to import the channels and associated packages into the Satellite.
10. Register a representative machine for each distribution type, or channel (such as Red Hat Enterprise Linux 5 or 6), to the Satellite.
11. Copy (using SCP) the rhn_register and up2date configuration files from the /etc/sysconfig/rhn/ directory of each machine individually to the /pub/ directory on the Satellite. The rhn-org-trusted-ssl-cert-*.noarch.rpm will already be there.
12. Download and install from the Satellite the configuration files and rhn-org-trusted-ssl-cert-*.noarch.rpm on the remaining client systems of the same distribution type. Repeat this and the previous step until all distribution types are complete.
13. Through the Satellite's website, create an Activation Key for each distribution aligned to the appropriate base channel. At this point, system groups and child channels may also be predefined.
14. Run the Activation Key from the command line (rhnreg_ks) of each client system. Note that this step can be scripted to batch register and reconfigure all remaining client systems in a distribution.
15. Record all relevant usernames, passwords and other login information and store in multiple secure places.
16. Now that the Satellite is populated with standard Red Hat channels and packages and all clients are connected to it, you may begin creating and serving custom channels and packages. Once the custom RPMs are developed, you can import them into the Satellite using RHN Push and add custom channels in which to store them through the Satellite's website. Refer to the RHN Channel Management Guide for details.

1. The RHN Satellite Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Satellite up and running.
2. The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
3. The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
4. The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.

1. Log into the machine as root.
2. Insert the RHN Satellite Server CD containing the installation files or download the ISO image from the RHN website.
3. If you are installing from CD, Red Hat Enterprise Linux may automount the CD. If it does so, it will mount the CD to the /media/cdrom/ directory.
   If Red Hat Enterprise Linux does not automount the CD, manually mount it to the /media/cdrom/ directory with the following command:

   mount /dev/cdrom /media/cdrom
   

   If you are installing from an ISO, mount the file from within the directory containing it using the command:

   mount -o loop iso_filename /media/cdrom
   

   The remaining instructions assume it is mounted in /media/cdrom/.
4. Ensure that the RHN Entitlement Certificate has been copied onto the Satellite's file system. It can be named anything and located in any directory. The installation program will ask you for its location. Also, make sure your account has been granted the necessary entitlements to conduct the installation.

   Warning

   Users should note that the RHN Satellite Installation Program updates the kernel, as well as all required packages.
5. From the /media/cdrom/ directory, enter the following command to start the RHN Satellite Installation Program:

   ./install.pl
   

   This script has several options to assist with your installation process. To view these options, enter the following command:

   ./install.pl --help
   

   Important

   The RHN Satellite Installation Program requires user interaction in order to complete. For the installer to run remotely without interaction, do not use nohup. Instead, run the process through a screen session.
6. The script first runs through a pre-requisite check. These checks make certain that all prerequisites from Chapter 2, Requirements are met before proceeding with the installation.

   * Starting the Red Hat Network Satellite installer.
   * Performing pre-install checks. 
   * Pre-install checks complete.  Beginning installation.
   

7. At the prompt, enter the email address to which you would like notifications from the Satellite to be sent. It may be a good idea to choose a general email address rather than the address of an individual, as there can be a large volume of emails.

   ? Admin email address? sat-admin@example.com
   

8. The Satellite is then registered with your RHN Hosted account, and all required packages are installed and updated.

   * RHN Registration 
   * Installing updates. 
   * Installing RHN packages.
   

9. Next, the RHN Satellite Installation Program downloads and installs the RHN GPG key, including setting up the /root/.gnupg/ directory, if required.

   * Setting up environment and users 
   ** GPG: Initializing GPG and importing RHN key. 
   ** GPG: Creating /root/.gnupg directory
   

   When running the RHN Satellite Installation Program in offline mode, it will not automatically download and install the RHN GPG key, which will cause the installation to fail. To import the key manually, use this command:

   rpm --import /media/RHEL_5/RPM-GPG-KEY-redhat-release
   

10. The next step creates and populates the initial database, if you have opted for the RHN Satellite with Embedded Database. If you are installing RHN Satellite with Stand-Alone Database, the installer connects with the database. This step can take quite a while. If you would like to monitor the progress of the installation, use tail in a separate window to monitor the /var/log/rhn/install_db.log file.

    * Setting up database. 
    ** Database: Installing the embedded database (not the schema). 
    ** Database: Shutting down the database first. 
    ** Database: Installing the database:
    ** Database: This is a long process that is logged in:
    ** Database:   /var/log/rhn/install_db.log
    *** Progress: ####
    

11. Once database installation is complete, or once the connection to the database is established, the Satellite is configured.

    * Setting up environment and users.
    

12. In order to activate the Satellite, you must provide it with the location of your Satellite certificate.

    * Activating Satellite. 
    Where is your satellite certificate file? /root/example.cert
    

13. The next step is to create a CA cert for the Satellite. To do so, you must answer a few questions.

    CA cert

    Enter a password for the certificate.

    Organization

    Enter the name of your organization

    Email Address

    Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.

    City

    Enter the city where the Satellite resides.

    Country

    Enter the country where the Satellite resides. The country code must be exactly two letters, or the certificate generation fails.

14. Once the CA Cert certificate is generated, the RHN Satellite Installation Program performs final configuration and restarts the associated services.

    * Final configuration. 
    * Restarting services.
    Installation complete. 
    Visit https://your-satellite.example.com to create the satellite administrator account.
    

15. Follow the on-screen instructions and visit the FQDN of your Satellite via a web browser. Create the satellite administrator account - also referred to as the Organization Administrator - and click the Create Login button to move to the next screen, the Your RHN screen.
    

    Figure 4.1. Admin Account Creation

16. A blue text box appears at the top of the screen indicating that you can now custom-configure the Satellite and its behavior. To do so, click the bold clicking here text at the end.
    

    Figure 4.2. Final Configuration Prompt

17. The Satellite Configuration - General Configuration page allows you to alter the most basic Satellite settings, such as the admin email address and whether Monitoring is enabled.
    

    Figure 4.3. General Configuration

18. The RHN Satellite Configuration - Monitoring page allows you to configure the monitoring aspects of this Satellite. The local mail exchanger and local main domain are used to mail monitoring notification messages to administration. This is required only if you intend to receive alert notifications from probes. If you do, provide the mail server (exchanger) and domain to be used. Note that sendmail must be configured to handle email redirects of notifications. Refer to Section 4.5, “Sendmail Configuration” for instructions. When finished, click Continue. The RHN Registration page appears.
    

    Figure 4.4. Monitoring

19. The RHN Satellite Configuration - Certificate page allows you to upload a new Satellite certificate. To identify the certificate's path, click Browse, navigate to the file, and select it. To input its contents, open your certificate in a text editor, copy all lines, and paste them directly into the large text field at the bottom. Red Hat recommends using the file locator as it is less error prone. Click Validate Certificate to continue. If you receive errors related to DNS, ensure your Satellite is configured correctly
    

    Figure 4.5. Certificate

20. The RHN Satellite Configuration - Bootstrap page allows you to generate a bootstrap script for redirecting client systems from the central RHN Servers to the Satellite. This script, to be placed in the /var/www/html/pub/bootstrap/ directory of the Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central RHN Servers. The required fields are pre-populated with values derived from previous installation steps. Ensure this information is accurate.
    Checkboxes offer options for including built-in security SSL and GNU Privacy Guard (GPG) features, both of which are advised. In addition, you may enable remote command acceptance and remote configuration management of the systems to be bootstrapped here. Both features are useful for completing client configuration. Finally, if you are using an HTTP proxy server, complete the related fields. When finished, click Generate Bootstrap Script. The Installation Complete page appears.
    

    Figure 4.6. Bootstrap

21. The RHN Satellite Configuration - Restart page contains the final step in configuring the Satellite. Click the Restart button to restart the Satellite in order to incorporate all of the configuration options added on the previous screens. Note that it will take between four and five minutes for the restart to finish.
    

    Figure 4.7. Restart

22. Once the Satellite has restarted, the countdown notice disappears. You are now free to begin using your Satellite.
    

    Figure 4.8. Restart Complete

1. Follow steps 1 through 5 from Section 4.2, “RHN Satellite Installation Program”.
2. Copy the example answers.txt file to /tmp/answers.txt

   cp answers.txt /tmp/answers.txt
   

3. Edit the file and add your organization's desired options.
4. Once the answer file is ready, use the --answer-file option when starting the installation process from the command line:

   ./install.pl --answer-file=/tmp/answers.txt
   

   The RHN Satellite Installation Program then looks for answers in the file. For any option no filled out in the file, the Installer Program prompts the user for the missing information.

1. Complete a minimal installation of Red Hat Enterprise Linux 4 or 5 (depending on the version of RHN Satellite that you will install).
2. Configure the system so that it can connect to RHN behind the HTTP proxy. Edit the file /etc/sysconfig/rhn/up2date as follows:

   enableProxy=1
   enableProxyAuth=1
   httpProxy=<http-proxy-fqdn>
   proxyUser=<proxy-username>
   proxyPassword=<proxy-password>
   

3. Register the system to RHN.
4. Begin the installation of RHN Satellite with the disconnected option:

   ./install.pl --disconnected
   

5. Once the installation is complete, you will need to add or modify your settings in the /etc/rhn/rhn.conf file:

   server.satellite.http_proxy = <http-proxy-fqdn>
   server.satellite.http_proxy_username = <proxy-username>
   server.satellite.http_proxy_password = <proxy-password>
   
   disconnected=0
   

   You will also need to update the /etc/rhn/rhn.conf file to include the parent parameter satellite.rhn.redhat.com:

   server.satellite.rhn_parent = satellite.rhn.redhat.com
   

   Note

   Alternatively, if you are using the RHN Satellite web interface, log in as a user with Administrator privileges. Browse to Admin → RHN Satellite Configuration → General. From here, enter the HTTP Proxy settings, and toggle the Disconnected RHN Satellite option.
6. Restart the Satellite service:

   service rhn-satellite restart
   

7. Reactivate the Satellite as a connected Satellite:

   rhn-satellite-activate --rhn-cert=<path-to-cert>
   

1. Log into https://rhn.redhat.com with your organization's Satellite-entitled account.
2. Click Systems in the top navigation bar and then the name of the RHN Satellite. You may also find the Satellite through the Satellite line item within the Channels category.
3. In the System Details page, click the Satellite subtab and examine the existing certificate. Ensure you have a backup of this file by copying and pasting its contents into a text editor.
4. Click Deactivate Satellite License at the bottom of the page. Then click Confirm Deactivation. You will receive a message describing the deactivation at the top of the page.
5. You may then browse to the location of your new RHN Entitlement Certificate or paste its contents into the text field provided. When done, click Update Certificate.

1. Connects over SSL to central RHN Servers, authenticates itself as an RHN Satellite, and triggers an export of RHN data — unless a local mount point for RHN-exported data is specified, in which case no connection is necessary. Refer to Section 6.3.2, “Synchronizing Errata and Packages via Local Media” for an explanation.
2. Examines the export and identifies differences between the RHN Satellite data set and the exported RHN data set. For a particular channel, the following information is analyzed:
   • Channel metadata
   • Metadata of all packages in that channel
   • Metadata for all Errata that affect that channel

   Note

   All analysis is performed on the RHN Satellite; the central RHN Servers deliver only an export of its channel information and remain ignorant of any details regarding the RHN Satellite.
3. After the analysis of the export data, any differences are imported into the RHN Satellite database. Please note that importing new packages may take variable lengths of time. For a large update, an import can take many hours.

1. Import content from master to slave satellite.

   satellite-sync --parent-sat=master.satellite.domain.com -c channel-name --orgid=2
   

2. Import content from an exported dump of a specific org

   $ satellite-sync -m /dump -c channel-name --orgid=2
   

3. Import content from RHN Hosted (assuming the system is registered and activated. If the source org is not specified, the base Red Hat channel is chosen).

   $ satellite-sync -c channel-name

1. Install RHN Satellite with Embedded Database (and a base install of Red Hat Enterprise Linux) on a separate machine, skipping the SSL Certificate generation step.
2. Back up the primary Satellite's database daily using the commands described in Section 8.4.2, “Backing up the Database”. If this is done, only changes made the day of the failure will be lost.
3. Establish a mechanism to copy the backup to the secondary Satellite and keep these repositories synchronized using a file transfer program such as rsync. If you're using a SAN, copying isn't necessary.
4. Use RHN DB Control's restore option to import the duplicate data.
5. If the primary Satellite fails, transfer the SSL key pair RPM package in /root/ssl-build from the primary to the secondary Satellite, and install the package. This ensures that RHN clients can authenticate with and securely connect to the secondary Satellite.
6. Change DNS to point to the new machine or configure your load balancer appropriately.

1. Prepare the Stand-Alone Database for failover using Oracle's recommendations for building a fault-tolerant database. Consult your database administrator.
2. Install RHN Satellite with Stand-Alone Database (and a base install of Red Hat Enterprise Linux) on a separate machine, skipping the database configuration, database schema, SSL certificate, and bootstrap script generation steps. Include the same RHN account and database connection information provided during the initial Satellite install and register the new Satellite.
   If your original SSL certificate does not take your high-availability solution into account, you may create a new one with a more appropriate Common Name value now. In this case, you may also generate a new bootstrap script that captures this new value.
3. After installation, copy the following files from the primary Satellite to the secondary Satellite:
   • /etc/rhn/rhn.conf
   • /etc/tnsnames.ora
   • /var/www/rhns/server/secret/rhnSecret.py
4. Copy and install the server-side SSL certificate RPMs from the primary Satellite to the secondary. Refer to the Sharing Certificates section of the RHN Client Configuration Guide for precise instructions. Remember, the Common Name value must represent the combined Satellite solution, not a single machine's hostname.
   If you generated a new SSL certificate during Satellite installation that included a new Common Name value, copy the SSL certificate RPMs from the secondary to the primary Satellite and redistribute the client-side certificate. If you also created another bootstrap script, you may use this to install the certificate on client systems.
5. If you did not create a new bootstrap script, copy the contents of /var/www/html/pub/bootstrap/ from the primary Satellite to the secondary. If you did generate a new one, copy that directory's contents to the primary Satellite.
6. Turn off the RHN Task Engine on the secondary Satellite with the following command:

   /sbin/service taskomatic stop
   

   You may use custom scripting or other means to establish automatic start-up/failover of the RHN Task Engine on the secondary Satellite. Regardless, it will need to be started upon failover.
7. Share channel package data (by default located in /var/satellite) between the Satellites over some type of networked storage device. This eliminates data replication and ensures a consistent store of data for each Satellite.
8. Share cache data (by default located in /var/cache/rhn) between the Satellites over some type of networked storage device. This eliminates data replication and ensures a consistent store of cached data for each Satellite.
9. Make the various Satellites available on your network via Common Name and a method suiting your infrastructure. Options include round-robin DNS, a network load balancer, and a reverse-proxy setup.

Configuring RHN Satellite to use PAM

1. Create a PAM service file in the /etc/pam.d/ directory:

   touch /etc/pam.d/rhn-satellite

2. Edit the file with the following information:

   auth        required      pam_env.so
   auth        sufficient    pam_sss.so 
   auth        required      pam_deny.so
   account     sufficient    pam_sss.so
   account     required      pam_deny.so
   

3. Instruct the satellite to use the PAM service file by adding the following line to the /etc/rhn/rhn.conf file:

   pam_auth_service = rhn-satellite

4. Restart the service to pick up the changes:

   rhn-satellite restart
   

5. To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.