Installation Guide
Red Hat Network Satellite
Edition 2
Abstract
Chapter 1. Introduction
1.1. Red Hat Network
- Scalability — with Red Hat Network, a single system administrator can set up and maintain hundreds or thousands of Red Hat systems more easily, accurately, and quickly than they could maintain a single system without Red Hat Network.
- Standard Protocols — standard protocols are used to maintain security and increase capability. For example, XML-RPC gives Red Hat Network the ability to do much more than merely download files.
- Security — all communication between registered systems and Red Hat Network takes place over secure Internet connections.
- View Errata Alerts — easily view Errata Alerts for all your client systems through one website.
- Scheduled Actions — use the website to schedule actions, including Errata Updates, package installs, and software profile updates.
- Simplification — maintaining Red Hat systems becomes a simple, automated process.
1.2. RHN Satellite
- Security — an end-to-end secure connection is maintained from the client systems to the RHN Satellite without connecting to the public Internet.
- Efficiency — packages are delivered significantly faster over a local area network.
- Control — clients' System Profiles are stored on the local RHN Satellite, not on the central Red Hat Network Servers.
- Customized updates — create a truly automated package delivery system for custom software packages required by client systems, as well as Red Hat packages. Custom channels allow fine-grained control of the delivery of custom packages.
- Access control — system administrators can be restricted to access only those systems within their maintenance responsibilities.
- Bandwidth management — the bandwidth used for transactions between the clients and the RHN Satellite is controlled by the organization on the local area network; RHN Satellite clients do not have to compete with other clients accessing the central Red Hat Network file servers.
- Scalability — RHN Satellite may oversee an entire organization's servers in combination with RHN Proxy Server.
1.3. Terms to Understand
- Channel — A Channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
- Organization Administrator — An Organization Administrator is a user role with the highest level of control over an organization's Red Hat Network account. Members of this role can add other users, systems, and system groups to the organization as well as remove them. A Red Hat Network organization must have at least one Organization Administrator.
- Channel Administrator — A Channel Administrator is a user role with full access to channel management capabilities. Users with this role are capable of creating channels, assigning packages to channels, cloning channels, and deleting channels. This role can be assigned by an Organization Administrator through the Users tab of the RHN website.
- Certificate Authority — A Certificate Authority distributes digital signatures to users as part of public key infrastructure for encrypted authentication and communication.
- Red Hat Update Agent — The Red Hat Update Agent is the Red Hat Network client application that allows users to retrieve and install new or updated packages for the client system on which the application is run.
- Traceback — A Traceback is a detailed description of "what went wrong" that is useful for troubleshooting the RHN Satellite. Tracebacks are automatically generated when a critical error occurs and are mailed to the individual(s) designated in the RHN Satellite's configuration file.
1.4. How it Works
- Database — for the Stand-Alone Database, this may be the organization's existing database or, preferably, a separate machine. RHN Satellite supports Oracle Database 10g Release 2, Standard or Enterprise Edition. For the Embedded Database, the database comes bundled with RHN Satellite and is installed on the same machine as the Satellite during the installation process.
- RHN Satellite — core "business logic" and entry point for Red Hat Update Agent running on client systems. The RHN Satellite also includes an Apache HTTP Server (serving XML-RPC requests).
- RHN Satellite Web interface — advanced system, system group, user, and channel management interface.
- RPM Repository — package repository for Red Hat RPM packages and custom RPM packages identified by the organization.
- Management Tools:
  - Database and file system synchronization tools
  - RPM importing tools
  - Channel maintenance tools (Web-based)
  - Errata management tools (Web-based)
  - User management tools (Web-based)
  - Client system and system grouping tools (Web-based)
- Red Hat Update Agent on the client systems
Important
Figure 1.1. Using RHN Satellite and RHN Proxy Server Together
1.5. Summary of Steps
- After an evaluation, you contact your Red Hat sales representative to purchase RHN Satellite.
- Your Red Hat contact sends you an RHN Entitlement Certificate via email.
- Your Red Hat contact creates a Satellite-entitled account on the RHN website and sends you the login information.
- Log into the RHN website (rhn.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux 5 or 6 and RHN Satellite. These can be found within the Downloads tab of the respective Channel Details pages. Refer to the RHN Reference Guide for instructions.
- While still logged into the RHN website, download the Channel Content ISOs to be served by your Satellite, also available through the Downloads tab of your Satellite's Channel Details page. These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Satellite.
- If installing a Stand-Alone Database, prepare your database instance using the formula provided in Chapter 2, Requirements.
- Install Red Hat Enterprise Linux and then RHN Satellite on the Satellite machine.
- Create the first user account on the Satellite by opening the Satellite's hostname in a Web browser and clicking Create Account. This will be the Satellite Administrator's (also referred to as the Organization Administrator) account.
- Use the RHN Satellite Synchronization Tool to import the channels and associated packages into the Satellite.
- Register a representative machine for each distribution type, or channel (such as Red Hat Enterprise Linux 5 or 6), to the Satellite.
- Copy (using SCP) the rhn_register and up2date configuration files from the /etc/sysconfig/rhn/ directory of each machine individually to the /pub/ directory on the Satellite. The rhn-org-trusted-ssl-cert-*.noarch.rpm will already be there.
- Download and install from the Satellite the configuration files and rhn-org-trusted-ssl-cert-*.noarch.rpm on the remaining client systems of the same distribution type. Repeat this and the previous step until all distribution types are complete.
- Through the Satellite's website, create an Activation Key for each distribution aligned to the appropriate base channel. At this point, system groups and child channels may also be predefined.
- Run the Activation Key from the command line (rhnreg_ks) of each client system. Note that this step can be scripted to batch register and reconfigure all remaining client systems in a distribution.
- Record all relevant usernames, passwords and other login information and store in multiple secure places.
- Now that the Satellite is populated with standard Red Hat channels and packages and all clients are connected to it, you may begin creating and serving custom channels and packages. Once the custom RPMs are developed, you can import them into the Satellite using RHN Push and add custom channels in which to store them through the Satellite's website. Refer to the RHN Channel Management Guide for details.
1.6. Upgrades
- Satellite Certificate
- Satellite Upgrade Documentation Package (rhn-upgrade)
- New Installation ISO
1.6.1. Satellite Certificate
1.6.2. Satellite Upgrade Documentation Package (rhn-upgrade)
rhn-upgrade package, ensure the satellite is registered to RHN and to the Red Hat Network Satellite Channel, then use the package updating tool for your version of Red Hat Enterprise Linux to install the rhn-upgrade package with the following command (on Red Hat Enterprise Linux 5 and 6):
yum install rhn-upgrade
- Log into the RHN Hosted web interface at https://rhn.redhat.com/.
- Click the Channels tab.
- Under Filter by Product Channel select Red Hat Network Products, then your current version of RHN Satellite, and finally your Satellite server's architecture from the drop-down menus.
- Press the Filter button.
- Click to expand the Red Hat Enterprise Linux tree for your version of the base operating system.
- Click the link in the Architecture column corresponding to Red Hat Network Satellite.
- Click on the Packages subtab.
- In the Filter by Package text box, type rhn-upgrade and press Go.
- Click on the latest rhn-upgrade package release for the version of Satellite to which you are upgrading.
- Click the Download Package link.
- Copy the package to the Satellite server.
- On the Satellite server run the following command:
rpm -Uvh rhn-upgrade-version.rpm
1.6.3. New Installation ISO
- Log into RHN
- Click on Software Downloads on the left-hand side of the screen
- Navigate to the version of Red Hat Enterprise Linux you are currently using
- Click on the latest version of RHN Satellite
- Then choose if you want the embedded Oracle Database ISO or the non-embedded version
/etc/sysconfig/rhn/satellite-upgrade/README file in the rhn-upgrade package.
Important
http://satellite.example.com/kickstart/dist/ks-rhel-i386-server-5
http://satellite.example.com/ks/dist/ks-rhel-i386-server-5
Chapter 2. Requirements
2.1. Software Requirements
- Base operating system — RHN Satellite is supported with Red Hat Enterprise Linux 5 and 6. The operating system can be installed from disc, local ISO image, kickstart, or any of the methods supported by Red Hat. Red Hat Enterprise Linux installations must provide the @Base package group with no other package-set modifications, and without third-party configurations or software that is not directly necessary for the direct operation of the server. This restriction includes hardening or other non-Red Hat security software. If such software is required in your infrastructure, you must first install and verify a complete working Satellite, and then make a backup of the system before adding any non-Red Hat software.
When installing a new RHN Satellite, it is recommended that the latest supported update to Red Hat Enterprise Linux is installed.
Satellite can be installed on Red Hat Enterprise Linux 5 or 6 in any virtualized environment supported by Red Hat, including Xen, KVM, and VMware.
Note that for production deployments, we recommend that you deploy RHN Satellite as the sole application running on the underlying physical hardware to avoid contention issues. Also, be aware that functional support for virtualized environments does not always equal the performance of running on physical hardware, so you may need to carefully consider your virtualized environment of choice and any tuning guidelines recommended.
Note
Each purchased RHN Satellite product includes one supported instance of Red Hat Enterprise Linux Server. RHN Satellite must be installed on a fresh installation of Enterprise Linux where RHN Satellite is the only application and service provided by the OS. Using the Red Hat Enterprise Linux OS included with RHN Satellite to run other daemons, applications, or services within your environment is not supported.
- RHN Satellite supports SELinux targeted policy in enforcing or permissive mode on Red Hat Enterprise Linux 5 and 6. SELinux is a set of secure software policies that implement mandatory access control to Red Hat Enterprise Linux and other operating systems. Users can have SELinux in enforcing or permissive mode with the targeted policy set during installation of Proxy or Satellite.
- Satellite installation disc or ISO — this contains the RHN Satellite Installation Program. All packages required in order to support the Program are installed automatically, and require no intervention from the user.
Note
@Base are required to install Red Hat Network Satellite. The Satellite installer will prompt you to either install the listed packages or ask if you want it to download the files from RHN. If your system is not registered to RHN, you should have the Red Hat Enterprise Linux installation media available during the Satellite installation process to install these additional packages as needed.
rhelrpms file located in the updates directory on the Satellite installation ISO image.
- Channel content — All software packages and data exported for all entitled Red Hat channels. This content may be loaded directly on the Satellite after installation using the RHN Satellite Synchronization Tool or obtained from your Red Hat representative if synchronization is not possible, such as in a disconnected environment.
2.2. Hardware Requirements
Table 2.1. RHN Satellite on Red Hat Enterprise Linux Architecture Support
Red Hat Enterprise Linux Version | x86 | x86_64 | s390x |
---|---|---|---|
Red Hat Enterprise Linux 5 | yes | yes | yes |
Red Hat Enterprise Linux 6 | no | yes | yes |
2.2.1. x86 and x86_64 Hardware Requirements
Table 2.2. Stand-Alone Database and Embedded Database Satellite Hardware Requirements
Stand-Alone Database | Embedded Database |
---|---|
Required - Intel Core processor, 2.4GHz, 512K cache or equivalent | Required - Intel Core processor, 2.4GHz, 512K cache or equivalent |
Recommended - Intel multi-core processor, 2.4GHz dual processor, 512K cache or equivalent | Recommended - Intel multi-core processor, 2.4GHz dual processor, 512K cache or equivalent |
Required - 2 GB of memory | Required - 2 GB of memory |
Recommended - 8 GB of memory | Strongly recommended - 8 GB of memory |
5 GB storage for base install of Red Hat Enterprise Linux | 5 GB storage for base install of Red Hat Enterprise Linux |
At least 30 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install | At least 30 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install |
Recommended - an external SAN for more reliable backups | Recommended - an external SAN for more reliable backups |
12 GB storage for the database repository, in the /rhnsat partition (local storage only) | |
Strongly recommended - a SCSI drive connected to a level 5 RAID | |
Separate partition (or better, a separate set of physical disks) for storing backups. This can be any directory specifiable at backup time. |
Note
/var/satellite/, you also need space for cache files generated when using Satellite, which get regenerated, as needed, if deleted. These cache files are stored within /var/cache/rhn, and the storage needs of this directory will vary greatly depending on the following factors:
- how many channels you sync or import from RHN or Channel dumps
- how many custom packages and channels you have
- whether or not you are using Inter-Satellite Sync
/var/cache/rhn/ on a Satellite server. For very large Satellite deployments with numerous channels, packages, and using Inter Satellite Sync, your usage could grow to as much as 100 GB of space for cache files in /var/cache/rhn.
- Two processors
- 2 GB of memory
/etc/sysconfig/rhn/rhnsd configuration file of the client systems significantly increases the load on those components.
2.2.2. s/390 Hardware Requirements
Table 2.3. Stand-Alone Database and Embedded Database Satellite Hardware Requirements for s/390 Platform
Stand-Alone Database | Embedded Database |
---|---|
Required - 1 IFL, either in LPAR configuration or shared through z/VM | Required - 1 IFL, either in LPAR configuration or shared through z/VM |
Recommended - 2+ IFLs on z9 or earlier, 1+ IFL on z10 | Recommended - 2+ IFLs on z9 or earlier, 1+ IFL on z10 |
Required - 2 GB of storage (memory) | Required - 2 GB of storage (memory) |
Recommended - 8 GB of memory | Recommended - 8 GB of memory |
Required - 1 GB swap on ECKD DASD | Required - 1 GB swap on ECKD DASD |
Recommended - 512 MB swap on VDISK + 1 GB swap on ECKD DASD | Recommended - 512 MB swap on VDISK + 1 GB swap on ECKD DASD |
Required - 1xMod3 ECKD DASD or ≥ 2 GB FCP SCSI LUN for OS install | Required - 1xMod3 ECKD DASD or ≥ 2 GB FCP SCSI LUN for OS install |
Recommended - 1xMod9 ECKD DASD or ≥ 2 GB multipathed FCP SCSI LUN for Red Hat Enterprise Linux installation | Recommended - 1xMod9 ECKD DASD or ≥ 2 GB multipathed FCP SCSI LUN for Red Hat Enterprise Linux installation |
Estimated 12 GB disk space for embedded database | |
At least 30 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install | At least 30 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install |
Recommended - z/VM 5.3 or later[a] | Recommended - z/VM 5.3 or later |
Recommended - VSWITCH or Hipersocket LAN for high speed connections to guests | Recommended - VSWITCH or Hipersocket LAN for high speed connections to guests |
[a] z/VM required for kickstart/provisioning of guests.
2.2.3. Additional Requirements
- The Stand-Alone Database must not run on the same server as the RHN Satellite.
- The package repository may be any large storage device easily and securely accessed by the other components. The space requirements depend on the number of packages that will be stored. Default Red Hat channels contain approximately 3 GB of packages each, and that size grows with each synchronization; customers must also account for the space requirements of packages in their own private channels. Whatever storage solution the customer chooses, its mount point may be defined during the installation process.
2.3. Database Requirements
Note
- 250 KiB per client system
- 500 KiB per channel, plus 230 KiB per package in the channel (so a channel with 5000 packages would require 1.1 GiB)
- The number of public Red Hat packages imported (typical: 5000)
- The number of private packages to be managed (typical: 500)
- The number of systems to be managed (typical: 1000)
- The number of packages installed on the average system (typical: 500)
- ALTER SESSION
- CREATE SEQUENCE
- CREATE SYNONYM
- CREATE TABLE
- CREATE VIEW
- CREATE PROCEDURE
- CREATE TRIGGER
- CREATE TYPE
- CREATE SESSION
- Security Identifier (SID)
- Listener Port
- Username
- UTF-8 character set
- Uniform Extent Size
- Auto Segment Space Management
Note
2.4. Additional Requirements
- Full Access
Client systems need full network access to the RHN Satellite solution's services and ports.
- Firewall Rules
RHN strongly recommends firewalling the RHN Satellite solution from the Internet. However, various TCP ports must be opened on the Satellite, depending on your implementation of RHN Satellite. Some UDP ports will also be required for DHCP and TFTP services to function correctly.
Table 2.4. Ports to open on the Satellite
Port | Protocol | Direction | Reason |
---|---|---|---|
67 | TCP/UDP | Inbound | Open this port to configure the Satellite system as a DHCP server for systems requesting IP addresses. |
69 | TCP/UDP | Inbound | Open this port to configure Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems. |
80 | TCP | Outbound | Satellite uses this port to reach Red Hat Network. |
80 | TCP | Inbound | Web UI and client requests come in via http. |
443 | TCP | Inbound | Web UI and client requests come in via https. |
443 | TCP | Outbound | Red Hat Network Satellite uses this port to reach Red Hat Network (unless running in a disconnected mode for Satellite). |
4545 | TCP | Inbound and Outbound | Red Hat Network Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems. |
5222 | TCP | Inbound | If you plan to push actions to client systems. |
5269 | TCP | Inbound and Outbound | If you push actions to or via a Red Hat Network Proxy Server. |
RHN's list of hosts are as follows: rhn.redhat.com, xmlrpc.rhn.redhat.com, satellite.rhn.redhat.com, content-xmlrpc.rhn.redhat.com, content-web.rhn.redhat.com, and content-satellite.rhn.redhat.com
- DMZ Proxy Solution
Unless the Satellite server is in disconnected mode, it needs to initiate outbound connections on ports 80 and 443 to the Red Hat Network (RHN) Hosted service (rhn.redhat.com, xmlrpc.rhn.redhat.com, and satellite.rhn.redhat.com). To ensure correct functioning of the satellite system, do not restrict access to these hosts and ports. If required, an http or https proxy can be used, by issuing the satellite-sync --http-proxy command.
The Satellite server needs to allow inbound connections on ports 80 and 443 from client systems and any RHN Proxy servers connected to the Satellite, as well as any system that needs to access the Satellite Web UI. WebUI and client requests come in via either http or https.
The RHN monitoring functionality requires outbound connections to individual monitoring-enabled client systems on port 4545. RHN Satellite monitoring makes connections to rhnmd running on client systems if monitoring is enabled and probes are configured for registered systems.
The RHN push functionality requires both outbound and inbound connections on port 5269 to and from each registered RHN Proxy server with RHN push functionality enabled. This is used for two-way communications between the jabberd service on Satellite and Proxy, respectively. In addition, it needs to allow inbound connections on port 5222 from client systems directly registered to the Satellite. This is used for one-way (client to server) communications between the osad service on client systems and the jabberd service on the Satellite.
- Synchronized System Times
There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative that the time settings on the clients and server be reasonably close together so the SSL certificate does not expire before or during use. For this reason, Red Hat requires the Satellite and all client systems to use Network Time Protocol (NTP). This also applies to the separate database machine in RHN Satellite with Stand-Alone Database, which must also be set to the same time zone as the Satellite.
- Setting System Language and Locale
You should properly set the UTF-8 encoding for your language and locale on your RHN Satellite system via the /etc/sysconfig/i18n file. The LANG setting in the file must be in the following format:
LANG="[language_TERRITORY].UTF-8"
The language and TERRITORY are entered as two-letter codes. For example, if your language is English and your locale is the United States, you set your LANG setting to en_US.UTF-8.
- Fully Qualified Domain Name (FQDN)
The system upon which the RHN Satellite will be installed must resolve its own FQDN properly. If this is not the case, cookies will not work properly on the website.
Note
It is important that the hostname of a Satellite contains no uppercase letters. A hostname that includes uppercase letters can cause jabberd to fail.
If, at any point, you need to change your Satellite hostname, refer to Section 8.7, “Changing the Satellite Hostname”.
- Functioning Domain Name Service (DNS)
For the RHN Satellite's domain name to be resolved by its clients, it and they must all be linked to a working DNS server in the customer environment.
- An Entitlement Certificate
The customer will receive, via email from the sales representative, a signed Entitlement Certificate explaining the services provided by Red Hat through RHN Satellite. This certificate will be required during the installation process.
If you do not have an Entitlement Certificate at installation time, contact Red Hat Global Support Services at:
- A Red Hat Network Account
Customers who connect to the central Red Hat Network Servers to receive incremental updates must have an external account with Red Hat Network. This account should be set up at the time of purchase with the sales representative.
Warning
Do not subscribe your RHN Satellite to any of the following child channels available on RHN Hosted:
- Red Hat Developer Suite
- Red Hat Application Server
- Red Hat Extras
Subscribing to these channels and updating your Satellite may install newer, incompatible versions of critical software components, causing the Satellite to fail.
- Backups of Login Information
It is imperative that customers keep track of all primary login information. For RHN Satellite, this includes usernames and passwords for the Organization Administrator account on rhn.redhat.com, the primary administrator account on the Satellite itself, SSL certificate generation, and database connection (which also requires a SID, or net service name). Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
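The locale and hostname requirements above can be checked before the installer is started. The following pre-install check is an added example, not part of the Installation Guide; the function names are hypothetical, and the i18n file path and hostname are passed in as arguments.

```shell
#!/bin/sh
# Added example (not Red Hat's code): check the LANG and hostname
# requirements from Section 2.4 before running the Satellite installer.

# lang_from_i18n FILE: print the last LANG= value in FILE, quotes removed.
lang_from_i18n() {
    sed -n 's/^LANG=//p' "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# lang_ok VALUE: true when VALUE is [language_TERRITORY].UTF-8 with
# two-letter codes, for example en_US.UTF-8.
lang_ok() {
    printf '%s\n' "$1" | grep -Eq '^[a-z]{2}_[A-Z]{2}\.UTF-8$'
}

# hostname_ok NAME: true when NAME is fully qualified (contains a dot) and
# has no uppercase letters, which the guide says can make jabberd fail.
hostname_ok() {
    case "$1" in
        *[[:upper:]]*) return 1 ;;
        *.*)           return 0 ;;
        *)             return 1 ;;
    esac
}

# preflight I18N_FILE FQDN: print each failed requirement and return the
# number of failures (0 means both checks passed).
preflight() {
    fails=0
    lang=$(lang_from_i18n "$1")
    if ! lang_ok "$lang"; then
        echo "FAIL: LANG='$lang' in $1 is not [language_TERRITORY].UTF-8"
        fails=$((fails + 1))
    fi
    if ! hostname_ok "$2"; then
        echo "FAIL: hostname '$2' must be a fully qualified, lowercase name"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Typical call on the Satellite host:
#   preflight /etc/sysconfig/i18n "$(hostname -f)"
```
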
- The entire RHN Satellite solution should be protected by a firewall if the Satellite accesses or is accessed via the Internet. An Internet connection is not required for RHN Satellites running in completely disconnected environments. This feature instead uses Channel Content ISOs that can be downloaded to a separate system to synchronize the Satellite with the central Red Hat Network Servers. All other RHN Satellites should be synchronized directly over the Internet.
Note
If you are running a disconnected Satellite that is not registered to RHN Hosted, the installation program will note and return a list of any missing additional packages needed beyond @base to be installed, then the installation program will exit. This allows you to install those packages. You may want to use the installation ISO image or DVD media to create a repository for those additional packages, and then rerun the Satellite installer.
- All unnecessary ports should be firewalled off. Client systems connect to RHN Satellite over ports 80, 443, and 4545 (if Monitoring is enabled). In addition, if you plan to enable the pushing of actions from the Satellite to client systems, as described in Section 8.11, “Enabling Push to Clients”, you must allow inbound connections on port 5222. Finally, if the Satellite will also push to an RHN Proxy Server, you must also allow inbound connections on port 5269.
- No system components should be directly, publicly available. No user other than the system administrators should have shell access to these machines.
- All unnecessary services should be disabled using ntsysv or chkconfig.
- The httpd service should be enabled.
- If the Satellite serves Monitoring-entitled systems and you wish to acknowledge via email the alert notifications you receive, you must configure sendmail to properly handle incoming mail as described in Section 4.5, “Sendmail Configuration”.
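The inbound ports from Table 2.4 and the "firewall off all unnecessary ports" recommendation above can be expressed as a default-drop ruleset that only opens what the enabled features need. This is an added example, not Red Hat's configuration; the two network ranges are constructed placeholders, and the SSH rule for administrators is an assumption that is not in the guide.

```shell
#!/bin/sh
# Added example, not from the Installation Guide: build an iptables-restore
# ruleset for the Satellite host from Table 2.4.
# Assumptions: CLIENT_NET / ADMIN_NET are constructed placeholder ranges, and
# SSH (22/tcp) from ADMIN_NET is not in the guide; it is included so applying
# the ruleset does not lock the administrator out.
CLIENT_NET="${CLIENT_NET:-192.0.2.0/24}"      # constructed: clients and RHN Proxy servers
ADMIN_NET="${ADMIN_NET:-198.51.100.0/28}"     # constructed: administrator workstations

# rule PROTO PORT [SOURCE]: accept new inbound connections to PORT.
rule() {
    src=""
    if [ -n "${3:-}" ]; then src="-s $3 "; fi
    printf '%s\n' "-A INPUT ${src}-p $1 -m $1 --dport $2 -m state --state NEW -j ACCEPT"
}

# has FEATURE LIST...: true when FEATURE appears in the remaining arguments.
has() {
    want=$1; shift
    for f in "$@"; do
        if [ "$f" = "$want" ]; then return 0; fi
    done
    return 1
}

# satellite_input_rules [monitoring] [push] [proxy_push] [dhcp] [pxe]
satellite_input_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]'
    # Outbound 80/443 to RHN Hosted, 4545 to rhnmd and 5269 to Proxies stay
    # allowed by the OUTPUT policy; their replies match ESTABLISHED below.
    printf '%s\n' ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    rule tcp 22 "$ADMIN_NET"
    for net in "$CLIENT_NET" "$ADMIN_NET"; do   # Web UI and client requests
        rule tcp 80 "$net"
        rule tcp 443 "$net"
    done
    if has monitoring "$@"; then rule tcp 4545 "$CLIENT_NET"; fi
    if has push "$@"; then rule tcp 5222 "$CLIENT_NET"; fi        # osad -> jabberd
    if has proxy_push "$@"; then rule tcp 5269 "$CLIENT_NET"; fi  # jabberd <-> Proxy
    # Table 2.4 lists 67 and 69 as TCP/UDP; DHCP and TFTP run over UDP, so only
    # UDP is opened. DHCP discovery comes from 0.0.0.0, so no source filter.
    if has dhcp "$@"; then rule udp 67; fi
    if has pxe "$@"; then rule udp 69 "$CLIENT_NET"; fi
    printf '%s\n' 'COMMIT'
}

# Print the ruleset when run as: sh satellite-fw.sh print monitoring push
if [ "${1:-}" = "print" ]; then shift; satellite_input_rules "$@"; fi
```

Review the printed rules before loading them with iptables-restore; a Satellite with no optional features enabled exposes only 80 and 443 to the client network.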
- The RHN Satellite Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Satellite up and running.
- The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
- The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
- The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.
Chapter 3. Example Topologies
- The total number of client systems to be served by the RHN Satellite.
- The maximum number of clients expected to connect concurrently to the RHN Satellite.
- The number of custom packages and channels to be served by the RHN Satellite.
- The number of RHN Satellites being used in the customer environment.
- The number of RHN Proxy Servers being used in the customer environment.
3.1. Single Satellite Topology
Figure 3.1. Single Satellite Topology
3.2. Multiple Satellite Horizontally Tiered Topology
rhn-satellite-exporter and satellite-sync -m commands. This feature is discussed in detail in Section 6.1.1, “rhn-satellite-exporter”. Alternatively, the Inter-Satellite Sync 2 feature is designed for this purpose.
Figure 3.2. Multiple Satellite Horizontally Tiered Topology
3.3. Satellite-Proxy Vertically Tiered Topology
Figure 3.3. Satellite-Proxy Vertically Tiered Topology
Chapter 4. Installation
4.1. Base Install
- Allocate plenty of space to the partitions storing data. The default location for channel packages is /var/satellite/. For RHN Satellite with Embedded Database, remember the database RPMs go in the /opt/ partition, while the database itself is built in /rhnsat/. Refer to Section 2.2, “Hardware Requirements” for precise specifications.
- Enable Network Time Protocol (NTP) on the Satellite and separate database, if it exists, and select the appropriate time zone. All client systems should already be running the ntpd daemon and be set to the correct time zone.
- Due to potential complications, it is strongly advised that the /home/ partition is locally mounted.
4.2. RHN Satellite Installation Program
Important
/home/ partition is locally mounted.
- Log into the machine as root.
- Insert the RHN Satellite Server CD containing the installation files or download the ISO image from the RHN website.
- If you are installing from CD, Red Hat Enterprise Linux may automount the CD. If it does so, it will mount the CD to the /media/cdrom/ directory.
If Red Hat Enterprise Linux does not automount the CD, manually mount it to the /media/cdrom/ directory with the following command:
mount /dev/cdrom /media/cdrom
If you are installing from an ISO, mount the file from within the directory containing it using the command:
mount -o loop iso_filename /media/cdrom
The remaining instructions assume it is mounted in /media/cdrom/.
- Ensure that the RHN Entitlement Certificate has been copied onto the Satellite's file system. It can be named anything and located in any directory. The installation program will ask you for its location. Also, make sure your account has been granted the necessary entitlements to conduct the installation.
Warning
Users should note that the RHN Satellite Installation Program updates the kernel, as well as all required packages.
- From the /media/cdrom/ directory, enter the following command to start the RHN Satellite Installation Program:
./install.pl
This script has several options to assist with your installation process. To view these options, enter the following command:
./install.pl --help
Important
The RHN Satellite Installation Program requires user interaction in order to complete. For the installer to run remotely without interaction, do not use nohup. Instead, run the process through a screen session.
- The script first runs through a pre-requisite check. These checks make certain that all prerequisites from Chapter 2, Requirements are met before proceeding with the installation.
* Starting the Red Hat Network Satellite installer.
* Performing pre-install checks.
* Pre-install checks complete. Beginning installation.
- At the prompt, enter the email address to which you would like notifications from the Satellite to be sent. It may be a good idea to choose a general email address rather than the address of an individual, as there can be a large volume of emails.
? Admin email address? sat-admin@example.com
- The Satellite is then registered with your RHN Hosted account, and all required packages are installed and updated.
* RHN Registration
* Installing updates.
* Installing RHN packages.
- Next, the RHN Satellite Installation Program downloads and installs the RHN GPG key, including setting up the /root/.gnupg/ directory, if required.
* Setting up environment and users
** GPG: Initializing GPG and importing RHN key.
** GPG: Creating /root/.gnupg directory
When running the RHN Satellite Installation Program in offline mode, it will not automatically download and install the RHN GPG key, which will cause the installation to fail. To import the key manually, use this command:
rpm --import /media/RHEL_5/RPM-GPG-KEY-redhat-release
- The next step creates and populates the initial database, if you have opted for the RHN Satellite with Embedded Database. If you are installing RHN Satellite with Stand-Alone Database, the installer connects with the database. This step can take quite a while. If you would like to monitor the progress of the installation, use tail in a separate window to monitor the /var/log/rhn/install_db.log file.
* Setting up database.
** Database: Installing the embedded database (not the schema).
** Database: Shutting down the database first.
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database: /var/log/rhn/install_db.log
*** Progress: ####
- Once database installation is complete, or once the connection to the database is established, the Satellite is configured.
* Setting up environment and users.
- In order to activate the Satellite, you must provide it with the location of your Satellite certificate.
* Activating Satellite.
Where is your satellite certificate file? /root/example.cert
- The next step is to create a CA cert for the Satellite. To do so, you must answer a few questions.
- CA cert
- Enter a password for the certificate.
- Organization
- Enter the name of your organization
- Email Address
- Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
- City
- Enter the city where the Satellite resides.
- Country
- Enter the country where the Satellite resides. The country code must be exactly two letters, or the certificate generation fails.
- Once the CA Cert certificate is generated, the RHN Satellite Installation Program performs final configuration and restarts the associated services.
* Final configuration.
* Restarting services.
Installation complete.
Visit https://your-satellite.example.com to create the satellite administrator account.
- Follow the on-screen instructions and visit the FQDN of your Satellite via a web browser. Create the satellite administrator account - also referred to as the Organization Administrator - and click the Create Login button to move to the next screen, the Your RHN screen.
Figure 4.1. Admin Account Creation
- A blue text box appears at the top of the screen indicating that you can now custom-configure the Satellite and its behavior. To do so, click the bold clicking here text at the end.
Figure 4.2. Final Configuration Prompt
- The Satellite Configuration - General Configuration page allows you to alter the most basic Satellite settings, such as the admin email address and whether Monitoring is enabled.
Figure 4.3. General Configuration
- The RHN Satellite Configuration - Monitoring page allows you to configure the monitoring aspects of this Satellite. The local mail exchanger and local main domain are used to mail monitoring notification messages to administration. This is required only if you intend to receive alert notifications from probes. If you do, provide the mail server (exchanger) and domain to be used. Note that sendmail must be configured to handle email redirects of notifications. Refer to Section 4.5, “Sendmail Configuration” for instructions. When finished, click Continue. The RHN Registration page appears.
Figure 4.4. Monitoring
- The RHN Satellite Configuration - Certificate page allows you to upload a new Satellite certificate. To identify the certificate's path, click Browse, navigate to the file, and select it. To input its contents, open your certificate in a text editor, copy all lines, and paste them directly into the large text field at the bottom. Red Hat recommends using the file locator as it is less error prone. Click Validate Certificate to continue. If you receive errors related to DNS, ensure your Satellite is configured correctly.
Figure 4.5. Certificate
- The RHN Satellite Configuration - Bootstrap page allows you to generate a bootstrap script for redirecting client systems from the central RHN Servers to the Satellite. This script, to be placed in the /var/www/html/pub/bootstrap/ directory of the Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central RHN Servers. The required fields are pre-populated with values derived from previous installation steps. Ensure this information is accurate.
Checkboxes offer options for including built-in security SSL and GNU Privacy Guard (GPG) features, both of which are advised. In addition, you may enable remote command acceptance and remote configuration management of the systems to be bootstrapped here. Both features are useful for completing client configuration. Finally, if you are using an HTTP proxy server, complete the related fields. When finished, click Generate Bootstrap Script. The Installation Complete page appears.
Figure 4.6. Bootstrap
- The RHN Satellite Configuration - Restart page contains the final step in configuring the Satellite. Click the Restart button to restart the Satellite in order to incorporate all of the configuration options added on the previous screens. Note that it will take between four and five minutes for the restart to finish.
Figure 4.7. Restart
- Once the Satellite has restarted, the countdown notice disappears. You are now free to begin using your Satellite.
Figure 4.8. Restart Complete
4.2.1. Options to the Satellite Installation Program
Table 4.1. Installation Options
Option | Usage |
---|---|
--help | Print this help message. |
--answer-file=<filename> | Indicates the location of an answer file to be used for answering questions asked during the installation process. |
--non-interactive | For use only with --answer-file. If the --answer-file does not provide a required response, exit instead of prompting the user. |
--re-register | Register the system with RHN, even if it is already registered. |
--disconnected | Install the satellite in disconnected mode. |
--clear-db | Clear any pre-existing database schema before installing. This will destroy any data in the Satellite database and re-create empty Satellite schema. |
--skip-system-version-test | Do not test the Red Hat Enterprise Linux version before installing. |
--skip-selinux-test | Do not check to make sure SELINUX is disabled. |
--skip-fqdn-test | Do not verify that the system has a valid hostname. RHN Satellite requires that the hostname be properly set during installation. Using this option may result in a Satellite server that is not fully functional. |
--skip-db-install | Do not install the embedded database. This option may be useful if you are reinstalling the satellite, and do not want to clear the database. |
--skip-db-diskspace-check | Do not check to make sure there is enough free disk space to install the embedded database. |
--skip-db-population | Do not populate the database schema. |
--skip-gpg-key-import | Do not import Red Hat's GPG key. |
--skip-ssl-cert-generation | Do not generate the SSL certificates for the Satellite. |
--run-updater | Do not ask to install needed packages from RHN, if the system is registered. |
4.3. Automated RHN Satellite Server Installation
install/ directory of the CD or ISO, and is titled answers.txt.
- Follow steps 1 through 5 from Section 4.2, “RHN Satellite Installation Program”.
- Copy the example answers.txt file to /tmp/answers.txt:
cp answers.txt /tmp/answers.txt
- Edit the file and add your organization's desired options.
- Once the answer file is ready, use the --answer-file option when starting the installation process from the command line:
./install.pl --answer-file=/tmp/answers.txt
The RHN Satellite Installation Program then looks for answers in the file. For any option not filled out in the file, the Installer Program prompts the user for the missing information.
4.4. Installing Satellite behind an HTTP Proxy
rhn.conf to control its connection settings, there is no way to add options to that file prior to installation of RHN Satellite. If your network is behind an HTTP proxy in your organization, you cannot activate the RHN Satellite at installation time. A workaround to this issue is to first perform a disconnected installation of RHN Satellite, then switch the configuration to a connected method after installation is completed. The following demonstrates how to create a connected RHN Satellite installation behind an HTTP proxy:
- Complete a minimal installation of Red Hat Enterprise Linux 4 or 5 (depending on the version of RHN Satellite that you will install).
- Configure the system so that it can connect to RHN behind the HTTP proxy. Edit the file /etc/sysconfig/rhn/up2date as follows:
enableProxy=1
enableProxyAuth=1
httpProxy=<http-proxy-fqdn>
proxyUser=<proxy-username>
proxyPassword=<proxy-password>
- Register the system to RHN.
- Begin the installation of RHN Satellite with the disconnected option:
./install.pl --disconnected
- Once the installation is complete, you will need to add or modify your settings in the /etc/rhn/rhn.conf file:
server.satellite.http_proxy = <http-proxy-fqdn>
server.satellite.http_proxy_username = <proxy-username>
server.satellite.http_proxy_password = <proxy-password>
disconnected=0
You will also need to update the /etc/rhn/rhn.conf file to include the parent parameter satellite.rhn.redhat.com:
server.satellite.rhn_parent = satellite.rhn.redhat.com
Note
Alternatively, if you are using the RHN Satellite web interface, log in as a user with Administrator privileges. Browse to Admin → RHN Satellite Configuration → General. From here, enter the HTTP Proxy settings, and toggle the Disconnected RHN Satellite option.
- Restart the Satellite service:
service rhn-satellite restart
- Reactivate the Satellite as a connected Satellite:
rhn-satellite-activate --rhn-cert=<path-to-cert>
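The following check of /etc/rhn/rhn.conf after the switch from disconnected to connected mode is an added example, not part of the Red Hat guide or the Satellite tooling. It assumes '#' comment lines and simple key = value syntax; the function names, sample values and the world-readable test are assumptions made for illustration.

```python
import stat

# Keys the Section 4.4 procedure adds to /etc/rhn/rhn.conf.
PROXY_KEY = "server.satellite.http_proxy"
PROXY_PASSWORD_KEY = "server.satellite.http_proxy_password"
PARENT_KEY = "server.satellite.rhn_parent"


def parse_rhn_conf(text):
    """Return {key: value} from 'key = value' lines.

    Assumption: blank lines and lines starting with '#' are ignored and the
    last occurrence of a key wins.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def is_placeholder(value):
    """True for values left as documentation placeholders such as <proxy-username>."""
    return value.startswith("<") and value.endswith(">")


def check_connected_config(text, file_mode=None):
    """Return a list of findings; an empty list means the file matches the procedure."""
    settings = parse_rhn_conf(text)
    findings = []

    if settings.get("disconnected") != "0":
        findings.append("disconnected is not set to 0")
    for key in (PROXY_KEY, PARENT_KEY):
        if not settings.get(key):
            findings.append("%s is missing or empty" % key)
    for key, value in sorted(settings.items()):
        if is_placeholder(value):
            findings.append("%s still holds the placeholder %s" % (key, value))

    # The proxy password is stored in clear text, so the file should not be
    # readable by every local account.
    if settings.get(PROXY_PASSWORD_KEY) and file_mode is not None:
        if file_mode & stat.S_IROTH:
            findings.append("file is world-readable and contains the proxy password")
    return findings


# Constructed sample: a file that is still in disconnected mode.
BEFORE = """\
# constructed example, not a real configuration
disconnected=1
"""

# Constructed sample: the file after the edits in the procedure (hypothetical values).
AFTER = """\
server.satellite.http_proxy = proxy.example.com
server.satellite.http_proxy_username = satproxy
server.satellite.http_proxy_password = constructed-secret
server.satellite.rhn_parent = satellite.rhn.redhat.com
disconnected=0
"""

if __name__ == "__main__":
    import os
    import sys

    if len(sys.argv) > 1:
        # Check a real file and take its permission bits into account.
        with open(sys.argv[1]) as handle:
            mode = os.fstat(handle.fileno()).st_mode
            results = check_connected_config(handle.read(), mode)
    else:
        results = check_connected_config(AFTER, 0o640)
    for finding in results:
        print("FINDING: " + finding)
    sys.exit(1 if results else 0)
```

Run it with the path to rhn.conf before restarting the Satellite service; the same world-readable concern applies to /etc/sysconfig/rhn/up2date, which holds proxyPassword.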
4.5. Sendmail Configuration
Important
rogerthat01@{mail domain} as a valid email address in your corporate environment. Check with your mail systems administrator.
ln -s /usr/bin/ack_enqueuer.pl /etc/smrsh/.
/etc/aliases file on the mail server and add the following line:
rogerthat01: | /etc/smrsh/ack_enqueuer.pl
/etc/mail/sendmail.mc file and change:
"DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl"
"DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl"
newaliases
sendmail-cf package:
yum update sendmail-cf
service sendmail restart
4.6. MySQL Installation
mysql-server package either through the RHN website or by yum.
mysql-server package to be installed and run successfully. Once finished, your Satellite may be used to schedule MySQL probes.
Chapter 5. Entitlements
5.1. Receiving the Certificate
<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Clay's Precious Satellite</rhn-cert-field>
  <rhn-cert-field name="issued">2005-01-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="expires">2005-03-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="slots">30</rhn-cert-field>
  <rhn-cert-field name="provisioning-slots">30</rhn-cert-field>
  <rhn-cert-field name="nonlinux-slots">30</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="10" family="rhel-cluster"/>
  <rhn-cert-field name="channel-families" quantity="30" family="rhel-ws-extras"/>
  <rhn-cert-field name="channel-families" quantity="10" family="rhel-gfs"/>
  <rhn-cert-field name="channel-families" quantity="10" family="rhel-es-extras"/>
  <rhn-cert-field name="channel-families" quantity="40" family="rhel-as"/>
  <rhn-cert-field name="channel-families" quantity="30" family="rhn-tools"/>
  <rhn-cert-field name="satellite-version">5.2</rhn-cert-field>
  <rhn-cert-field name="generation">2</rhn-cert-field>
  <rhn-cert-signature>
-----BEGIN PGP SIGNATURE-----
Version: Crypt::OpenPGP 1.03

iQBGBAARAwAGBQJCAG7yAAoJEJ5yna8GlHkysOkAn07qmlUrkGKs7/5yb8H/nboG
mhHkAJ9wdmqOeKfcBa3IUDL53oNMEBP/dg==
=0Kv7
-----END PGP SIGNATURE-----
</rhn-cert-signature>
</rhn-cert>
Note
5.2. Uploading the RHN Entitlement Certificate
- Log into https://rhn.redhat.com with your organization's Satellite-entitled account.
- Click Systems in the top navigation bar and then the name of the RHN Satellite. You may also find the Satellite through the Satellite line item within the Channels category.
- In the System Details page, click the Satellite subtab and examine the existing certificate. Ensure you have a backup of this file by copying and pasting its contents into a text editor.
- Click Deactivate Satellite License at the bottom of the page. Then click Confirm Deactivation. You will receive a message describing the deactivation at the top of the page.
- You may then browse to the location of your new RHN Entitlement Certificate or paste its contents into the text field provided. When done, click Update Certificate.
5.3. Managing the RHN Certificate with RHN Satellite Activate
rhn-satellite-activate). This is included with the Satellite installation as part of the spacewalk-backend-tools package.
5.3.1. Command Line Entitlement Options
rhn-satellite-activate tool offers a handful of command line options for activating a Satellite using its RHN Entitlement Certificate:
Table 5.1. RHN Entitlement Certificate Options
Option | Description |
---|---|
-h , --help | Display the help screen with a list of options. |
--sanity-only | Confirm certificate sanity. Does not activate the Satellite locally or remotely. |
--disconnected | Activates locally but not on remote RHN Servers. |
--rhn-cert=/PATH/TO/CERT | Uploads new certificate and activates the Satellite based upon the other options passed (if any). |
--systemid=/PATH/TO/SYSTEMID | For testing only - Provides an alternative system ID by path and file. The system default is used if not specified. |
--no-ssl | For testing only - Disable SSL. |
rhn-satellite-activate command. Refer to Section 5.3.2, “Activating the Satellite”.
5.3.2. Activating the Satellite
- Validate the RHN Entitlement Certificate's sanity (or usefulness).
- Activate the Satellite locally by inserting the RHN Entitlement Certificate into the local database.
- Activate the Satellite remotely by inserting the RHN Entitlement Certificate into the central RHN (remote) database. This is typically accomplished during local activation but may require a second step if you chose the --disconnected option.
rhn-satellite-activate --sanity-only --rhn-cert=/path/to/demo.cert
rhn-satellite-activate --disconnected --rhn-cert=/path/to/demo.cert
rhn-satellite-activate --rhn-cert=/path/to/demo.cert
5.4. Satellite Entitlement Certificate Expiration
- The Satellite remains active.
- Each user that logs into the Satellite sees a banner on their Overview page that explains that the Satellite certificate has expired.
- Once a day, for all seven days, the Satellite Administrator's email receives notification that the certificate has expired.
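To watch for the expiry described above before it happens, the certificate format shown in Section 5.1 can be parsed directly. This is an added example, not code from Red Hat or the Satellite tools: the function names, the 30-day warning threshold and the constructed sample certificate are assumptions, and the seven-day window comes from the list above. It reads fields only and does not verify the PGP signature; rhn-satellite-activate --sanity-only remains the tool for that.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # format of the issued/expires fields

# Constructed certificate using the field names from Section 5.1; the
# signature body is a placeholder, not a real PGP signature.
SAMPLE_CERT = """<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Example Org Satellite</rhn-cert-field>
  <rhn-cert-field name="issued">2005-01-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="expires">2005-03-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="slots">30</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="40" family="rhel-as"/>
  <rhn-cert-field name="channel-families" quantity="30" family="rhn-tools"/>
  <rhn-cert-field name="satellite-version">5.2</rhn-cert-field>
  <rhn-cert-signature>PLACEHOLDER-NOT-A-SIGNATURE</rhn-cert-signature>
</rhn-cert>
"""


def parse_rhn_cert(xml_text):
    """Parse an rhn-cert document into scalar fields and channel-family counts."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != "rhn-cert":
        raise ValueError("not an rhn-cert document")

    fields, families = {}, {}
    for node in root.findall("rhn-cert-field"):
        name = node.get("name")
        if name == "channel-families":
            family, quantity = node.get("family"), node.get("quantity")
            if family is None or quantity is None or not quantity.isdigit():
                raise ValueError("malformed channel-families entry")
            families[family] = int(quantity)
        else:
            fields[name] = (node.text or "").strip()

    parsed = {"fields": fields, "families": families}
    for key in ("issued", "expires"):
        if key not in fields:
            raise ValueError("certificate has no '%s' field" % key)
        parsed[key] = datetime.strptime(fields[key], TIME_FORMAT)
    return parsed


def expiry_state(cert, now, grace_days=7, warn_days=30):
    """Return (state, whole days until expiry; negative once expired).

    grace_days is the seven-day period after expiry during which the
    Satellite stays active; warn_days is a hypothetical alerting threshold.
    """
    expires = cert["expires"]
    days_left = (expires - now).days
    if now > expires + timedelta(days=grace_days):
        state = "expired"
    elif now > expires:
        state = "grace"
    elif expires - now <= timedelta(days=warn_days):
        state = "expiring"
    else:
        state = "valid"
    return state, days_left


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            certificate = parse_rhn_cert(handle.read())
    else:
        certificate = parse_rhn_cert(SAMPLE_CERT)
    state, days = expiry_state(certificate, datetime.now())
    print("%s: %s (%d days)" % (certificate["fields"].get("owner"), state, days))
    sys.exit(0 if state == "valid" else 1)
```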
Chapter 6. Importing and Synchronizing
spacewalk-backend-tools package.
6.1. Exporting with RHN Satellite Exporter
rhn-satellite-exporter) tool exports Satellite content in an XML format that can then be imported into another identical Satellite. The content is exported into a directory specified by the user with the -d option. Once that directory has been transported to another Satellite, the RHN Satellite Synchronization Tool may be used to import the contents, synchronizing two Satellites.
6.1.1. rhn-satellite-exporter
- Channel Families
- Architectures
- Channel metadata
- Blacklists
- RPMs
- RPM metadata
- Errata
- Kickstarts
rhn-satellite-exporter to export data is dependent on the number and size of the channels being exported. Using the --no-packages, --no-kickstarts, --no-errata, and --no-rpms options reduces the amount of time required for rhn-satellite-exporter to run, but also prevents potentially useful information from being exported. For that reason, these options should only be used when you are certain that you will not need the content that they exclude. Additionally, you must use the matching options for satellite-sync when importing the data. For example, if you use --no-kickstarts with rhn-satellite-exporter you must specify the --no-kickstarts option when importing the data.
rhn-satellite-exporter command.
Table 6.1. RHN Satellite Exporter Options
Option | Description |
---|---|
-d, --dir= | Place the exported information into this directory. |
-cCHANNEL_LABEL , --channel=CHANNEL_LABEL | Process data for this specific channel (specified by label) only. NOTE: the channel's *label* is NOT the same as the channel's *name*. |
--list-channels | List all available channels and exit. |
--list-steps | List all of the steps that rhn-satellite-exporter takes while exporting data. These can be used as values for --step. |
-p --print-configuration | Print the configuration and exit. |
--print-report | Print a report to the terminal when the export is complete. |
--no-rpms | Do not retrieve actual RPMs. |
--no-packages | Do not export RPM metadata. |
--no-errata | Do not process Errata information. |
--no-kickstarts | Do not process kickstart data (provisioning only). |
--debug-level=LEVEL_NUMBER | Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf, 0-6 (2 is default). |
--start-date=START_DATE | The start date limit that the last modified dates are compared against. Must be in the format YYYYMMDDHH24MISS (for example, 20071225123000). |
--end-date=END_DATE | The end date limit that the last modified dates are compared against. Must be typed in the format YYYYMMDDHH24MISS (for example, 20071231235900). |
--make-isos=MAKE_ISOS | Create a channel dump ISO directory called satellite-isos (for example, --make-isos=cd or dvd). |
--email | Email a report of what was exported and what errors may have occurred. |
--traceback-mail=EMAIL | Alternative email address for --email. |
--db=DB | Include alternate database connect string: username/password@SID. |
--hard-links | Export the RPM and kickstart files with hard links to the original files. |
6.1.2. Exporting
- The RHN Satellite installation must have been performed successfully.
- There must be sufficient disk space in the directory specified in the --dir option to contain the exported contents.
6.1.2.1. Running the Export
rhn-satellite-exporter”. Finally, execute the command as root. The following is an example command:
rhn-satellite-exporter --dir=/var/rhn-sat-export --no-errata
rsync or scp -r.
6.2. Importing with RHN Satellite Synchronization Tool
Important
6.2.1. satellite-sync
satellite-sync) enables an RHN Satellite to update its database metadata and RPM packages with those of RHN's central servers, another Satellite within your organization, or local media.
Important
satellite-sync can import a large amount of data, especially on newly installed Satellite servers. If your database has performance issues after a significant amount of data changes, consider gathering statistics on the database. Refer to Section 8.4, “Using RHN DB Control” for more information.
satellite-sync
- channel-families — Import/synchronize channel family (architecture) data.
- channels — Import/synchronize channel data.
- rpms — Import/synchronize RPMs.
- packages — Import/synchronize full package data for those RPMs retrieved successfully.
- errata — Import/synchronize Errata information.
rpms step will automatically ensure the channels and channel-families steps take place first. To initiate an individual step, use the --step option, like so:
satellite-sync --step=rpms
--step, the RHN Satellite Synchronization Tool offers many other command line options. To use them, insert the option and the appropriate value after the satellite-sync command when launching import/synchronization.
Table 6.2. Satellite Import/Sync Options
Option | Description |
---|---|
-h , --help | Display this list of options and exit. |
-d= , --db=DB | Include alternate database connect string: username/password@SID. |
-m= , --mount-point=MOUNT_POINT | Import/sync from local media mounted to the Satellite. To be used in closed environments (such as those created during disconnected installs). |
--list-channels | List all available channels and exit. |
-cCHANNEL , --channel=CHANNEL_LABEL | Process data for this channel only. Multiple channels can be included by repeating the option. If no channels are specified, all channels on the Satellite will be freshened. |
-p, --print-configuration | Print the current configuration and exit. |
--no-ssl | Not Advisable - Turn off SSL. |
--step=STEP_NAME | Perform the sync process only to the step specified. Typically used in testing. |
--no-rpms | Do not retrieve actual RPMs. |
--no-packages | Do not process full package data. |
--no-errata | Do not process Errata information. |
--no-kickstarts | Do not process kickstart data (provisioning only). |
--force-all-packages | Forcibly process all package data without conducting a diff. |
--debug-level=LEVEL_NUMBER | Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf, 0-6 (2 is default). |
--email | Email a report of what was imported/synchronized to the designated recipient of traceback email. |
--traceback-mail=TRACEBACK_MAIL | Direct sync output (from --email) to this email address. |
-s= , --server=SERVER | Include the hostname of an alternative server to connect to for synchronization. |
--http-proxy=HTTP_PROXY | Add an alternative HTTP proxy server in the form hostname:port. |
--http-proxy-username=PROXY_USERNAME | Include the username for the alternative HTTP proxy server. |
--http-proxy-password=PROXY_PASSWORD | Include the password for the alternative HTTP proxy server. |
--ca-cert=CA_CERT | Use an alternative SSL CA certificate by including the full path and filename. |
--systemid=SYSTEM_ID | For debugging only - Include path to alternative digital system ID. |
--batch-size=BATCH_SIZE | For debugging only - Set maximum batch size in percent for XML/database-import processing. Open man satellite-sync for more information. |
satellite-sync synchronizes all channels that already exist in the Satellite's database. By default, the --step (all steps) option is enabled.
--channel option requires the channel label, not its name. Use the --list-channels option to obtain a list of all channels by label. All displayed channels are available for importing and synchronizing.
6.2.2. Preparing for Import from Local Media
- The RHN Satellite installation must have been performed successfully.
- The Red Hat Network Channel Content ISOs or RHN Satellite Exporter data must be available, or the Satellite must have access to the Internet and the RHN website.
6.2.2.1. Preparing Channel Content ISOs
- Log into the machine as root.
- Insert the first Channel Content ISO that has been burned to disc.
- Create a directory in /mnt/ to store the file(s) with the command:
mkdir /mnt/import/
- Mount the ISO file from within the directory containing it using the command:
mount iso_filename /mnt/import -o loop
- Create a target directory for the files, such as:
mkdir /var/rhn-sat-import/
- This sample command assumes the administrator wants to copy the contents of the ISO (mounted in /mnt/import/) into /var/rhn-sat-import/:
cp -ruv /mnt/import/* /var/rhn-sat-import/
- Then unmount /mnt/import in preparation for the next CD or ISO:
umount /mnt/import
- Repeat these steps for each Channel Content ISO of every channel to be imported.
6.2.2.2. Preparing RHN Satellite Exporter Data
- Log into the machine as root.
- Create a target directory for the files, such as:
mkdir /var/rhn-sat-import/
- Make the export data available on the local machine in the directory created in the previous step. This can be done by copying the data directly, or by mounting the data from another machine using NFS. It is perhaps easiest to copy the data into the new directory with a command such as the following:
scp -r root@storage.example.com:/var/sat-backup/* /var/rhn-sat-import
6.2.3. Running the Import
spacewalk-backend-tools package provides the satellite-sync program for managing all package, channel, and errata imports and synchronizations.
/var/rhn-sat-import.
satellite-sync --list-channels --mount-point /var/rhn-sat-import
satellite-sync -c rhel-i386-as-3 --mount-point /var/rhn-sat-import
Note
-c flag, like so:
satellite-sync -c channel-label-1 \
  -c channel-label-2 \
  --mount-point /var/rhn-sat-import
- Populating the tables describing common features for channels (channel families). This can also be accomplished individually by passing the --step=channel-families option to satellite-sync.
- Creating a particular channel in the database and importing the metadata describing the channel. Individually, use the --step=channels option.
- Moving the RPM packages from the temporary repository into their final location. Individually, use the --step=rpms option.
- Parsing the header metadata for each package in the channel, uploading the package data, and associating it with the channel. Individually, use the --step=packages option.
- Identifying Errata associated with the packages and including them in the repository. Individually, use the --step=errata option.
cd /var/rhn-sat-import/; ls -alR | grep rpm. If all RPMs have been installed and moved to their permanent locations, then this count will be zero, and the administrator may safely remove the temporary repository (in this case, /var/rhn-sat-import/).
6.3. Synchronizing
- Connects over SSL to central RHN Servers, authenticates itself as an RHN Satellite, and triggers an export of RHN data — unless a local mount point for RHN-exported data is specified, in which case no connection is necessary. Refer to Section 6.3.2, “Synchronizing Errata and Packages via Local Media” for an explanation.
- Examines the export and identifies differences between the RHN Satellite data set and the exported RHN data set. For a particular channel, the following information is analyzed:
- Channel metadata
- Metadata of all packages in that channel
- Metadata for all Errata that affect that channel
Note
All analysis is performed on the RHN Satellite; the central RHN Servers deliver only an export of its channel information and remain ignorant of any details regarding the RHN Satellite.
- After the analysis of the export data, any differences are imported into the RHN Satellite database. Please note that importing new packages may take variable lengths of time. For a large update, an import can take many hours.
satellite-sync command can be used in two modes: via RHN and via local media.
6.3.1. Synchronizing Errata and Packages Directly via RHN
satellite-sync -c rhel-i386-as-3
6.3.2. Synchronizing Errata and Packages via Local Media
cp -rv /mnt/cdrom/* /var/rhn-sat-sync/
satellite-sync -c rhel-i386-as-3 --mount-point /var/rhn-sat-sync
/var/rhn-sat-sync to perform the necessary comparisons and imports. See Section 6.2.3, “Running the Import” for precise steps.
6.4. Inter-Satellite Sync
- At least two RHN Satellite 5.3 or greater servers
- At least one RHN Satellite populated with at least one channel
- Master RHN Satellite SSL certificate available on each of the slave RHN Satellites for secure connection
6.4.1. Recommended Models for Inter-Satellite Sync
Note
Figure 6.1. Staging Satellite
Figure 6.2. Master Server and Slave Peers that include their own custom content
Figure 6.3. Slave Satellites are maintained exactly as the master Satellite
6.4.2. Configuring the Master RHN Satellite Server
/etc/rhn/rhn.conf contains the following line:
disable_iss=0
allowed_iss_slaves=
allowed_iss_slaves=slave1.satellite.example.org,slave2.satellite.example.org
rhn.conf file, restart the httpd service by issuing the following command:
service httpd restart
6.4.3. Configuring the Slave RHN Satellite Servers
/pub/ directory of any Satellite. The file is called RHN-ORG-TRUSTED-SSL-CERT, but can be renamed and placed anywhere on the slave Satellite, such as the /usr/share/rhn/ directory.
master.satellite.example.com with the hostname of the master Satellite server):
satellite-sync --iss-parent=master.satellite.example.com --ca-cert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --list-channels
6.5. Using Inter-Satellite Sync
/etc/rhn/rhn.conf file:
iss_parent = master.satellite.domain.com
iss_ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
satellite-sync command by typing:
satellite-sync -c your-channel
Note
satellite-sync command will override any default or customized settings in the /etc/rhn/rhn.conf file.
6.5.1. Syncing between a Development Staging Server and a Production Satellite
Figure 6.4. Syncing from RHN Hosted and a Satellite Staging Server
satellite-sync -c your-channel
satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel
6.5.2. Bi-directional sync
Figure 6.5. Bi-directional syncing
iss_parent option in the /etc/rhn/rhn.conf file of Satellite A to point to the hostname of Satellite B, and do the same for Satellite B to point to Satellite A as the iss_parent.
6.6. Synchronizing by Organization
- If the source content belongs to a base org (any Red Hat content) it will default to the base org even if a destination org is specified. This ensures that the specified content is always in that privileged base org.
- If an org is specified at the command line, it will import content from that org.
- If no org is specified, it will default to org 1.
- Import content from master to slave satellite.
satellite-sync --parent-sat=master.satellite.domain.com -c channel-name --orgid=2
- Import content from an exported dump of a specific org
$ satellite-sync -m /dump -c channel-name --orgid=2
- Import content from RHN Hosted (assuming the system is registered and activated. If the source org is not specified, the base Red Hat channel is chosen).
$ satellite-sync -c channel-name
Chapter 7. Troubleshooting
tail -f command for all log files and then run yum list. You should then examine all new log entries for potential clues.
df -h
/usr/sbin/rhn-satellite status
service httpd status
- 7.1. Installing and Updating
- 7.2. Services
- 7.3. Connectivity
- 7.4. Logging and Reporting
- 7.5. Errors
- Q: I'm getting an "Error validating satellite certificate" error during RHN Satellite installation. How do I fix it?
- Q: I'm getting an "ERROR: server.mount_point not set in the configuration file" error when I try to activate or synchronize the RHN Satellite. How do I fix it?
- Q: Why does cobbler check give an error saying that it needs a different version of yum-utils?
- Q: I'm getting an "unsupported version" error when I try to activate the RHN Satellite certificate. How do I fix it?
- Q: I'm getting an "Internal Server Error" complaining about ASCII when I try to edit the kickstart profile. What's going on?
- Q: I'm getting "Host Not Found" or "Could Not Determine FQDN" errors. What do I do now?
- Q: I'm getting a "This server is not an entitled Satellite" error when I try to synchronize the RHN Satellite server. How do I fix it?
7.1. Installing and Updating
audit.log files available so that Red Hat Support personnel can assist you. You can find the file in /var/log/audit/audit.log and can attach the file to your Support ticket for engineers to assist you.
/var/satellite to an NFS mount, and now SELinux is stopping it working properly. What do I need to do?
# /usr/sbin/setsebool -P spacewalk_nfs_mountpoint on
# /usr/sbin/setsebool -P cobbler_use_nfs on
- Red Hat Developer Suite
- Red Hat Application Server
- Red Hat Extras
7.2. Services
/etc/hosts file may be incorrect.
service taskomatic status
service oracle status
yum, up2date, or the push capability of the RHN Satellite stops working?
yum, up2date, or the push capability of the RHN Satellite ceases to function, it is possible that old log files may be at fault. Stop the jabberd daemon before removing these files. To do so, issue the following commands as root:
service jabberd stop
cd /var/lib/jabberd
rm -f _db*
service jabberd start
7.3. Connectivity
- Attempt to connect to the RHN Satellite's database at the command line using the correct connection string as found in /etc/rhn/rhn.conf:
sqlplus username/password@sid
- Ensure the RHN Satellite is using Network Time Protocol (NTP) and set to the appropriate time zone. This also applies to all client systems and the separate database machine in RHN Satellite with Stand-Alone Database.
- Confirm the correct package, rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm, is installed on the RHN Satellite and the corresponding rhn-org-trusted-ssl-cert-*.noarch.rpm or raw CA SSL public (client) certificate is installed on all client systems.
- Verify the client systems are configured to use the appropriate certificate.
- If also using one or more RHN Proxy Servers, ensure each Proxy's SSL certificates are prepared correctly. The Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for specific instructions.
- Make sure client systems are not using firewalls of their own, blocking required ports as identified in Section 2.4, “Additional Requirements”.
rm -rf temporary-directory
/var/rhn-sat-import/.
SSL_CONNECT errors, is the result of a Satellite being installed on a machine whose time had been improperly set. During the Satellite installation process, SSL certificates are created with inaccurate times. If the Satellite's time is then corrected, the certificate start date and time may be set in the future, making it invalid.
date
openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
openssl x509 -dates -noout -in /etc/httpd/conf/ssl.crt/server.crt
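The comparison described above, as an added example that is not part of the original guide: it takes the notBefore and notAfter values printed by openssl x509 -dates and reports whether the current UTC time falls inside that window. The function names and sample timestamps are constructed for illustration, and the script assumes openssl's default "Mon DD HH:MM:SS YYYY GMT" date format.

```shell
#!/bin/sh
# Added example, not from the guide: detect a certificate whose validity
# window does not contain the current time (the SSL_CONNECT symptom above).

# openssl_date_key "May  6 10:00:00 2011 GMT"  ->  20110506100000
# Turns an openssl date (always GMT) into a sortable YYYYMMDDhhmmss key.
openssl_date_key() {
    printf '%s\n' "$1" | awk '
        {
            pos = index("JanFebMarAprMayJunJulAugSepOctNovDec", $1)
            if (NF < 4 || length($1) != 3 || pos == 0 || (pos - 1) % 3 != 0)
                exit 1
            hms = $3
            gsub(/:/, "", hms)
            printf "%04d%02d%02d%s\n", $4, (pos + 2) / 3, $2, hms
        }'
}

# cert_window_status NOT_BEFORE NOT_AFTER [NOW_KEY]
# NOW_KEY is a UTC timestamp in YYYYMMDDhhmmss form; it defaults to the
# system clock. Prints valid | not-yet-valid | expired | unparseable and
# returns 0 only for "valid".
cert_window_status() {
    nb_key=$(openssl_date_key "$1") || { echo "unparseable"; return 2; }
    na_key=$(openssl_date_key "$2") || { echo "unparseable"; return 2; }
    now_key=${3:-$(date -u +%Y%m%d%H%M%S)}
    if [ "$now_key" -lt "$nb_key" ]; then
        echo "not-yet-valid"; return 1
    elif [ "$now_key" -gt "$na_key" ]; then
        echo "expired"; return 1
    fi
    echo "valid"
}

# check_cert_file PATH
# Reads the dates with the same openssl call the guide uses.
check_cert_file() {
    dates=$(openssl x509 -dates -noout -in "$1") || return 2
    nb=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    printf '%s: ' "$1"
    cert_window_status "$nb" "$na"
}

# Constructed demo: a certificate created while the clock ran a year ahead,
# checked after the clock was corrected. Prints "not-yet-valid".
cert_window_status "May  6 10:00:00 2012 GMT" "May  3 10:00:00 2022 GMT" \
    20110506100000 || true

# Check any certificate files named on the command line, for example the
# two paths inspected above. With no arguments this loop does nothing.
for cert in "$@"; do
    check_cert_file "$cert"
done
```

A "not-yet-valid" result on either certificate matches the clock problem described in this section.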
7.4. Logging and Reporting
/var/log/rhn/ directory. These are rotated logs, which are log files created with a .<NUMBER> extension when the current rhn_satellite_install.log file fills up to a size as specified by the logrotate(8) daemon and the contents written to a rotated log file. For example, the rhn_satellite_install.log.1 contains the oldest rotated log file, while rhn_satellite_install.log.4 contains the most recently rotated log.
Table 7.1. Log Files
Component/Task | Log File Location |
---|---|
Apache Web server | /var/log/httpd/ directory |
RHN Satellite | /var/log/rhn/ directory |
RHN Satellite Installation Program | /var/log/rhn/rhn_satellite_install.log |
Database installation - Embedded Database | /var/log/rhn/install_db.log |
Database population | /var/log/rhn/populate_db.log |
RHN Satellite Synchronization Tool | /var/log/rhn/rhn_server_satellite.log |
Monitoring infrastructure | /var/log/nocpulse/ directory |
Monitoring notifications | /var/log/notification/ directory |
RHN DB Control - Embedded Database | /var/log/rhn/rhn_database.log |
RHN Task Engine (taskomatic) | /var/log/messages |
yum | /var/log/yum.log |
XML-RPC transactions | /var/log/rhn/rhn_server_xmlrpc.log |
spacewalk-report?
spacewalk-report command to gather and display vital Satellite information at once.
Note
spacewalk-report you must have the spacewalk-reports package installed.
spacewalk-report allows administrators to organize and display reports about content, errata, systems, system event history, and user resources across the Satellite. The spacewalk-report command is used to generate reports on:
- System Inventory — Lists all of the systems registered to the Satellite.
- Entitlements — Lists all organizations on the Satellite, sorted by system or channel entitlements.
- Errata — Lists all the errata relevant to the registered systems, sorts errata by severity as well as the systems that apply to a particular erratum.
- Users — Lists all the users registered to the Satellite, and lists any systems associated with a particular user.
- System History — Lists all, or a subset, of the system events that have occurred.
spacewalk-report report_name
Table 7.2. spacewalk-report Reports
Report | Invoked as | Description |
---|---|---|
System Inventory | inventory | List of systems registered to the server, together with hardware and software information |
Entitlements | entitlements | Lists all organizations on the Satellite with their system or channel entitlements |
Errata in channels | errata-channels | Lists errata in channels |
All Errata | errata-list-all | Complete list of all errata |
Errata for systems | errata-systems | Lists applicable errata and any registered systems that are affected |
Users in the system | users | Lists all users registered to the Satellite |
Systems administered | users-systems | Lists systems that can be administered by individual users |
Kickstart Trees | kickstartable-trees | Lists trees able to be kickstarted |
System history | system-history | Lists system event history |
System history channels | system-history-channels | Lists system event history |
System history configuration | system-history-configuration | Lists system configuration event history |
System history entitlements | system-history-entitlements | Lists system entitlement event history |
System history errata | system-history-errata | Lists system errata event history |
System history kickstart | system-history-kickstart | Lists system kickstart and provisioning event history |
System history packages | system-history-packages | Lists system package event history |
spacewalk-report with the --info or --list-fields-info and the report name. The description and list of possible fields in the report will be shown.
spacewalk-report(8) manpage as well as the --help parameter of the spacewalk-report program can be used to get additional information about the program invocations and their options.
rhn-schema-version
rhn-charsets
traceback_mail in /etc/rhn/rhn.conf.
web.default_mail_from option and appropriate value in /etc/rhn/rhn.conf.
7.5. Errors
install.log file, and locating the following error:
ERROR: unhandled exception occurred:
Traceback (most recent call last):
  File "/usr/bin/rhn-satellite-activate", line 45, in ?
    sys.exit(abs(mod.main() or 0))
  File "/usr/share/rhn/satellite_tools/rhn_satellite_activate.py", line 585, in main
    activateSatellite_remote(options)
  File "/usr/share/rhn/satellite_tools/rhn_satellite_activate.py", line 291, in activateSatellite_remote
    ret = s.satellite.deactivate_satellite(systemid, rhn_cert)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 603, in __call__
    return self._send(self._name, args)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 326, in _request
    self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 171, in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 698, in send_http
    self._connection.connect()
  File "/usr/lib/python2.4/site-packages/rhn/connections.py", line 193, in connect
    sock.connect((self.host, self.port))
  File "<string>", line 1, in connect
socket.timeout: timed out
- Run the install script in disconnected mode, and skip the database installation which has already been done:
./install.pl --disconnected --skip-db-install
- Open /etc/rhn/rhn.conf with your preferred text editor, and add or modify the following line:
server.satellite.rhn_parent = satellite.rhn.redhat.com
Remove the following line:
disconnected=1
If you are using a proxy for the connection to Red Hat Network, you will also need to add or modify the following lines to reflect the proxy settings.
server.satellite.http_proxy = <hostname>:<port>
server.satellite.http_proxy_username = <username>
server.satellite.http_proxy_password = <password>
- Re-activate the Satellite in connected mode, using the rhn-satellite-activate command as the root user, including the path and filename of the satellite certificate:
# rhn-satellite-activate --rhn-cert=/path/to/file.cert
install.pl script in connected mode, but with the --answer-file=answer file option. Ensure the answer file has the HTTP proxy information specified as follows:
rhn-http-proxy = <hostname>:<port>
rhn-http-proxy-username = <username>
rhn-http-proxy-password = <password>
mount_point configuration parameter in /etc/rhn/rhn.conf does not point to a directory path, or the directory path it points to is not present or cannot be accessed because of its permissions.
mount_point configuration parameter in /etc/rhn/rhn.conf. If it is set to the default value of /var/satellite, verify that the /var/satellite and /var/satellite/redhat directories exist. For all values, check that the path to the file is accurate, and that the permissions are set correctly.
cobbler check give an error saying that it needs a different version of yum-utils?
cobbler check command can give an error similar to the following:
cobbler check
The following potential problems were detected:
#0: yum-utils need to be at least version 1.1.17 for reposync -l, current version is 1.1.16
reposync package. The error is spurious and can be safely ignored. This error will be resolved in future versions of RHN Satellite.
ERROR: <Fault -2: 'unhandled internal exception: unsupported version: 96'>
RHN_PARENT: satellite.rhn.redhat.com
Error reported from RHN: <Fault -2: 'unhandled internal exception: unsupported version: 115'>
ERROR: unhandled XMLRPC fault upon remote activation: <Fault -2: 'unhandled internal exception: unsupported version: 115'>
ERROR: <Fault -2: 'unhandled internal exception: unsupported version: 115'>
Invalid satellite certificate
'ascii' codec can't encode character u'\u2013'
- Ssh directly onto the Satellite server as the root user:
ssh root@satellite.fqdn.com
- Find the kickstart profile that is causing the problem by looking at the dates of the files in /var/lib/cobbler/config/profiles.d and locating the one that was edited most recently:
ls -l /var/lib/cobbler/config/profiles.d/
- Open the profile in your preferred text editor, and locate the following text:
\u2013hostname
Change the entry to read:
--hostname
- Save changes to the profile and close the file.
- Restart the RHN Satellite services to pick up the updated profile:
rhn-satellite restart
Shutting down rhn-satellite...
Stopping RHN Taskomatic...
Stopped RHN Taskomatic.
Stopping cobbler daemon: [ OK ]
Stopping rhn-search...
Stopped rhn-search.
Stopping MonitoringScout ... [ OK ]
Stopping Monitoring ... [ OK ]
Stopping httpd: [ OK ]
Stopping tomcat5: [ OK ]
Shutting down osa-dispatcher: [ OK ]
Shutting down Oracle Net Listener ... [ OK ]
Shutting down Oracle DB instance "rhnsat" ... [ OK ]
Shutting down Jabber router: [ OK ]
Done.
Starting rhn-satellite...
Starting Jabber services [ OK ]
Starting Oracle Net Listener ... [ OK ]
Starting Oracle DB instance "rhnsat" ... [ OK ]
Starting osa-dispatcher: [ OK ]
Starting tomcat5: [ OK ]
Starting httpd: [ OK ]
Starting Monitoring ... [ OK ]
Starting MonitoringScout ... [ OK ]
Starting rhn-search...
Starting cobbler daemon: [ OK ]
Starting RHN Taskomatic...
Done.
- Return to the web interface. Note that the interface can take some time to resolve the services, but should return to normal after a minute or so.
/etc/hosts file. You may confirm this by examining /etc/nsswitch.conf, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts file is checked first, followed by Network Information Service (NIS) if used, followed by DNS. One of these has to succeed for the Apache Web server to start and the RHN client applications to work.
/etc/hosts file. It may look like this:
127.0.0.1 this_machine.example.com this_machine localhost.localdomain localhost
127.0.0.1 localhost.localdomain.com localhost
127.0.0.1 localhost.localdomain.com localhost
123.45.67.8 this_machine.example.com this_machine
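An added example (not from the original guide) that automates the /etc/hosts check described above: it reports whether a given FQDN is bound to a loopback address, which is the layout shown in the first listing. The function name and the sample data are constructed for illustration; the hosts file is read from standard input.

```shell
#!/bin/sh
# hosts_fqdn_status FQDN < hosts-file
# Prints one of:
#   loopback   FQDN is listed on a 127.x.x.x or ::1 line (misconfigured)
#   ok ADDR    FQDN is listed only on a non-loopback address line
#   absent     FQDN is not in the file, so resolution falls through to
#              the next source named in /etc/nsswitch.conf
# Returns 0 for "ok", 1 for "loopback", 2 for "absent".
hosts_fqdn_status() {
    awk -v fqdn="$1" '
        BEGIN { want = tolower(fqdn) }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # need an address and a name
        {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != want) continue
                if ($1 ~ /^127\./ || $1 == "::1") loop = 1
                else if (addr == "") addr = $1
            }
        }
        END {
            if (loop)       { print "loopback"; exit 1 }
            if (addr != "") { print "ok " addr; exit 0 }
            print "absent"; exit 2
        }'
}

# Constructed samples: the broken layout from this section, then the
# corrected one with the machine name on its own address line.
broken='127.0.0.1 this_machine.example.com this_machine localhost.localdomain localhost'
fixed='127.0.0.1 localhost.localdomain.com localhost
123.45.67.8 this_machine.example.com this_machine'

printf '%s\n' "$broken" | hosts_fqdn_status this_machine.example.com || true
printf '%s\n' "$fixed"  | hosts_fqdn_status this_machine.example.com || true
```

On a Satellite, run it as hosts_fqdn_status "$(hostname)" < /etc/hosts; a "loopback" result means the machine name still shares a line with localhost.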
satellite-sync reports that the server is not activated as an RHN Satellite, it isn't subscribed to the respective RHN Satellite channel. If this is a newly installed system then the satellite certificate is possibly not activated on the system. If it was activated earlier, then it has become deactivated.
- Login to Red Hat Network and search the system's child channel, using one of these methods:
- On a Red Hat Enterprise Linux 5 or 6 system, view the channels to which the system is subscribed with this command:
yum repolist
rhn-satellite-activate -vvv --rhn-cert=/path/to/certificate
Note
satellite-debug. To use this tool, issue the command as root. You will see the pieces of information collected and the single tarball created, like so:
[root@miab root]# satellite-debug
Collecting and packaging relevant diagnostic information.
Warning: this may take some time...
    * copying configuration information
    * copying logs
    * querying RPM database (versioning of RHN Satellite, etc.)
    * querying schema version and database character sets
    * get diskspace available
    * timestamping
    * creating tarball (may take some time): /tmp/satellite-debug.tar.bz2
    * removing temporary debug tree
Debug dump created, stored in /tmp/satellite-debug.tar.bz2
Deliver the generated tarball to your RHN contact or support channel.
/tmp/ directory to your Red Hat representative for immediate diagnosis.
Chapter 8. Maintenance
8.1. Managing the Satellite with rhn-satellite
rhn-satellite. This tool accepts all of the typical commands:
/usr/sbin/rhn-satellite start
/usr/sbin/rhn-satellite stop
/usr/sbin/rhn-satellite restart
/usr/sbin/rhn-satellite reload
/usr/sbin/rhn-satellite enable
/usr/sbin/rhn-satellite disable
/usr/sbin/rhn-satellite status
rhn-satellite to shut down and bring up the entire RHN Satellite and retrieve status messages from all of its services at once.
8.2. Updating the Satellite
yum update on the RHN Satellite or use the website at https://rhn.redhat.com to apply the updates.
Important
yum update, Apache may fail. To avoid this, make sure you restart the httpd service after upgrading it.
Warning
8.3. Backing Up the Satellite
- /rhnsat/ - Embedded Database only (never to be backed up while the database is running - refer to Section 8.4.2, “Backing up the Database”)
- /etc/sysconfig/rhn/
- /etc/rhn/
- /etc/sudoers
- /etc/tnsnames.ora
- /var/www/html/pub/
- /var/satellite/redhat/1 - custom RPMs
- /root/.gnupg/
- /root/ssl-build/
- /etc/dhcp.conf
- /etc/httpd
- /tftpboot/
- /var/lib/cobbler/
- /var/lib/rhn/kickstarts/
- /var/www/cobbler
- /var/lib/nocpulse/
/var/satellite/, as well. In case of failure, this will save lengthy download time. Since /var/satellite/ (specifically /var/satellite/redhat/NULL/) is primarily a duplicate of Red Hat's RPM repository, it can be regenerated with satellite-sync. Red Hat recommends the entire /var/satellite/ tree be backed up. In the case of disconnected satellites, /var/satellite/ must be backed up.
satellite-sync tool. Finally, you would have to reinstall the /root/ssl-build/rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm.
Note
rhn-search service is started:
/etc/init.d/rhn-search cleanindex
8.4. Using RHN DB Control
su - oracle
db-control option
8.4.1. DB Control Options
db-control command.
Table 8.1. RHN DB Control Options
Option | Description |
---|---|
help | Lists these db-control options with additional details. |
backup DIRNAME | Backs up the database to the directory specified. |
examine DIRNAME | Examines the contents of a backup directory. Returns the timestamp of backup creation and reports on its contents. |
extend | Increase the RHN Oracle tablespace |
gather-stats PCT | Gather statistics on RHN Oracle database objects. PCT is the percentage of rows to estimate (the default is 15%). |
report | Reports on current usage of database space. |
report-stats | Reports on segments with stale or empty statistics. |
restore DIRNAME | Restores the database from backup kept in DIRNAME. Database must be stopped for this command to run successfully. |
start | Starts the database instance. This can also be accomplished by issuing the service oracle start command as root. |
shrink-segments | Shrinks RHN Oracle database segments with significant amounts of free space. |
status | Shows the current status of the database, either "running" or "offline". |
stop | Stops the database instance. This can also be accomplished by issuing the service oracle stop command as root. |
tablesizes | Show space report for each table |
verify DIRNAME | Verifies the contents of the backup kept in DIRNAME. This command runs a checksum of each of the files kept in the backup. |
Note
Note
segment-shrink feature to reclaim fragmented free space in an Oracle Database segment. The benefits of segment-shrink are compaction of data that leads to better cache utilization and the compacted data requires fewer blocks to be scanned in full table scans, which both lead to better performance.
8.4.2. Backing up the Database
/usr/sbin/rhn-satellite stop
db-control backup DIRNAME
/usr/sbin/rhn-satellite start
8.4.3. Verifying the Backup
db-control examine DIRNAME
db-control verify DIRNAME
8.4.4. Restoring the Database
/usr/sbin/rhn-satellite stop
db-control restore DIRNAME
/usr/sbin/rhn-satellite start
8.5. Cloning the Satellite with Embedded DB
- Install RHN Satellite with Embedded Database (and a base install of Red Hat Enterprise Linux) on a separate machine, skipping the SSL Certificate generation step.
- Back up the primary Satellite's database daily using the commands described in Section 8.4.2, “Backing up the Database”. If this is done, only changes made the day of the failure will be lost.
- Establish a mechanism to copy the backup to the secondary Satellite and keep these repositories synchronized using a file transfer program such as rsync. If you're using a SAN, copying isn't necessary.
- Use RHN DB Control's restore option to import the duplicate data.
- If the primary Satellite fails, transfer the SSL key pair RPM package in /root/ssl-build from the primary to the secondary Satellite, and install the package. This ensures that RHN clients can authenticate with and securely connect to the secondary Satellite.
- Change DNS to point to the new machine or configure your load balancer appropriately.
8.6. Establishing Redundant Satellites with Stand-Alone DB
- Prepare the Stand-Alone Database for failover using Oracle's recommendations for building a fault-tolerant database. Consult your database administrator.
- Install RHN Satellite with Stand-Alone Database (and a base install of Red Hat Enterprise Linux) on a separate machine, skipping the database configuration, database schema, SSL certificate, and bootstrap script generation steps. Include the same RHN account and database connection information provided during the initial Satellite install and register the new Satellite. If your original SSL certificate does not take your high-availability solution into account, you may create a new one with a more appropriate Common Name value now. In this case, you may also generate a new bootstrap script that captures this new value.
- After installation, copy the following files from the primary Satellite to the secondary Satellite:
/etc/rhn/rhn.conf
/etc/tnsnames.ora
/var/www/rhns/server/secret/rhnSecret.py
- Copy and install the server-side SSL certificate RPMs from the primary Satellite to the secondary. Refer to the Sharing Certificates section of the RHN Client Configuration Guide for precise instructions. Remember, the Common Name value must represent the combined Satellite solution, not a single machine's hostname. If you generated a new SSL certificate during Satellite installation that included a new Common Name value, copy the SSL certificate RPMs from the secondary to the primary Satellite and redistribute the client-side certificate. If you also created another bootstrap script, you may use this to install the certificate on client systems.
- If you did not create a new bootstrap script, copy the contents of /var/www/html/pub/bootstrap/ from the primary Satellite to the secondary. If you did generate a new one, copy that directory's contents to the primary Satellite.
- Turn off the RHN Task Engine on the secondary Satellite with the following command:
/sbin/service taskomatic stop
You may use custom scripting or other means to establish automatic start-up/failover of the RHN Task Engine on the secondary Satellite. Regardless, it will need to be started upon failover.
- Share channel package data (by default located in /var/satellite) between the Satellites over some type of networked storage device. This eliminates data replication and ensures a consistent store of data for each Satellite.
- Share cache data (by default located in /var/cache/rhn) between the Satellites over some type of networked storage device. This eliminates data replication and ensures a consistent store of cached data for each Satellite.
- Make the various Satellites available on your network via Common Name and a method suiting your infrastructure. Options include round-robin DNS, a network load balancer, and a reverse-proxy setup.
8.7. Changing the Satellite Hostname
satellite-utils package contains the satellite-hostname-rename script.
satellite-hostname-rename script, you must first ensure that you know your SSL CA passphrase by performing the following command:
openssl rsa -in path/RHN-ORG-PRIVATE-SSL-KEY
satellite-hostname-rename requires one mandatory argument, which is the IP address of the Satellite server, regardless of whether the IP address will change along with the hostname or not.
satellite-hostname-rename is as follows:
spacewalk-hostname-rename <ip address> [ --ssl-country=<country> --ssl-state=<state> --ssl-org=<organization/company> --ssl-orgunit=<department> --ssl-email=<email address> --ssl-ca-password=<password>]
satellite-hostname-rename will generate a certificate.
satellite-hostname-rename, refer to the following Red Hat Knowledgebase entry:
8.8. Conducting Satellite-Specific Tasks
8.8.1. Deleting Users
Figure 8.1. User Deletion
Note
Figure 8.2. User Delete Confirmation
8.8.2. Configuring Satellite Search
/etc/rhn/search.rhn-search.conf file. The following list defines the search configuration options, with their default values in parentheses.
- search.index_work_dir : specifies where Lucene indexes are kept (/usr/share/rhn/search/indexes)
- search.rpc_handlers : semi-colon separated list of classes to act as handlers for XMLRPC calls. (index:com.redhat.satellite.search.rpc.handlers.IndexHandler, db:com.redhat.satellite.search.rpc.handlers.DatabaseHandler, admin:com.redhat.satellite.search.rpc.handlers.AdminHandler)
- search.max_hits_returned : maximum number of results which will be returned for the query (500)
- search.connection.driver_class : JDBC driver class to conduct database searches (oracle.jdbc.driver.OracleDriver)
- search.score_threshold : minimum score a result needs to be returned back as query result (.10)
- search.system_score_threshold : minimum score a system search result needs to be returned back as a query result (.01)
- search.errata_score_threshold : minimum score an errata search result needs to be returned back as a query result (.20)
- search.errata.advisory_score_threshold : minimum score an errata advisory result needs to be returned back as a query result (.30)
- search.min_ngram : minimum length of n-gram characters. Note that any change to this value requires clean-index to be run, and doc-indexes need to be modified and rebuilt (1)
- search.max_ngram : maximum length of n-gram characters. Note that any change to this value requires clean-index to be run, and doc-indexes need to be modified and rebuilt (5)
- search.doc.limit_results : type true to limit the number of results both on search.score_threshold and restrict max hits to be below search.max_hits_returned; type false to return all documentation search matches (false)
- search.schedule.interval : input the time in milliseconds to control the interval with which the SearchServer polls the database for changes; the default is 5 minutes (300000).
- search.log.explain.results : used during development and debugging. If set to true, this will log additional information showing what influences the score of each result. (false)
8.9. Automating Synchronization
crontab -e
EDITOR variable, like so: export EDITOR=gedit.
0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null 2>/dev/null
stdout and stderr from cron to prevent duplicating the more easily read message from satellite-sync. Options other than --email can also be included. Refer to Table 6.2, “Satellite Import/Sync Options” for the full list of options. Once you exit from the editor, the modified crontab is installed immediately.
8.10. Implementing PAM Authentication
Note
pam-devel package.
Configuring RHN Satellite to use PAM
- Create a PAM service file in the /etc/pam.d/ directory:
touch /etc/pam.d/rhn-satellite
- Edit the file with the following information:
auth required pam_env.so
auth sufficient pam_sss.so
auth required pam_deny.so
account sufficient pam_sss.so
account required pam_deny.so
- Instruct the satellite to use the PAM service file by adding the following line to the /etc/rhn/rhn.conf file:
pam_auth_service = rhn-satellite
- Restart the service to pick up the changes:
rhn-satellite restart
- To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.
8.11. Enabling Push to Clients
osa-dispatcher).
Important
osa-dispatcher package, which can be found in the RHN Satellite software channel for the Satellite within the central RHN website. Once installed, start the service on the Satellite as root using the command:
service osa-dispatcher start
osad package on all client systems to receive pushed actions. The package can be found within the RHN Tools child channel for the systems on the RHN Satellite.
Warning
osad package on the Satellite server, as it will conflict with the osa-dispatcher package installed on the Satellite.
service osad start
osa-dispatcher and osad accept stop, restart, and status commands, as well.
Appendix A. Sample RHN Satellite Configuration File
/etc/rhn/rhn.conf configuration file for the RHN Satellite provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution.
#/etc/rhn/rhn.conf example for an RHN Satellite
#----------------------------------------------
# Destination of all tracebacks, such as crash information, etc.
traceback_mail = test@pobox.com, test@redhat.com
# Location of RPMs (Red Hat and custom) served by the RHN Satellite
mount_point = /var/satellite
# Corporate gateway (hostname:PORT):
server.satellite.http_proxy = corporate_gateway.example.com:8080
server.satellite.http_proxy_username =
server.satellite.http_proxy_password =
# Database connection information username/password@SID
default_db = test01/test01@test01
### DON'T TOUCH ANY OF THE FOLLOWING ###
web.satellite = 1
web.session_swap_secret_1 = ea6c79f71cfcf307d567fed583c393b9
web.session_swap_secret_2 = 01dee83a7b7f27157f5335744eb02327
web.session_swap_secret_3 = 4e89e7697ce663149ca9e498cbc08b4f
web.session_swap_secret_4 = a0fed2d77a950fc9a800b450a45e89d2
web.session_secret_1 = 24bc562e04c9b93f5be94f793738e104
web.session_secret_2 = 7667a7c2db311b1ea04271ecc1b82314
web.session_secret_3 = 442e7dc4f06f63eba9a0408d499c6a8d
web.session_secret_4 = 587a0db47856f685d989095629a9bd6f
encrypted_passwords = 1
web.param_cleansers = RHN::Cleansers->cleanse
web.base_acls = RHN::Access
web.default_taskmaster_tasks = RHN::Task::SessionCleanup, RHN::Task::ErrataQueue, RHN::Task::ErrataEngine, RHN::Task::DailySummary, RHN::Task::SummaryPopulation, RHN::Task::RHNProc, RHN::Task::PackageCleanup
web.rhn_gpg_backend_module = RHN::GPG::OpenPGP
web.restrict_mail_domains =
Appendix B. Revision History
Revision | Date | Author |
---|---|---|
Revision 2-10.400 | 2013-10-31 | Rüdiger Landmann |
Revision 2-10 | Thu Aug 22 2012 | Daniel Macpherson |
Revision 2-8 | Wed Jan 4 2012 | Lana Brindley |
Revision 2-7 | Wed Jan 4 2012 | Lana Brindley |
Revision 2-6 | Wed Oct 26 2011 | Lana Brindley |
Revision 2-5 | Mon Aug 15 2011 | Lana Brindley |
Revision 2-4 | Wed Jul 6 2011 | Lana Brindley |
Revision 2-3 | Wed Jun 22 2011 | Lana Brindley |
Revision 2-2 | Wed Jun 15 2011 | Lana Brindley |
Revision 2-1 | Fri May 27 2011 | Lana Brindley |
Revision 2-0 | Fri May 6 2011 | Lana Brindley |
Revision 1-36 | Tue May 3 2011 | Lana Brindley |
Revision 1-35 | Wed April 27 2011 | Lana Brindley |
Revision 1-34 | Wed April 13 2011 | Lana Brindley |
Revision 1-33 | Tue Feb 8 2011 | Lana Brindley |
Revision 1-32 | Mon Feb 7 2011 | Lana Brindley |
Revision 1-31 | Mon Feb 7 2011 | Lana Brindley |
Revision 1-30 | Mon Jan 31 2011 | Lana Brindley |
Index
A
- advantages, RHN Satellite
- Apache, Updating the Satellite
- Apache HTTP, How it Works
- automating Satellite synchronization, Automating Synchronization
B
- backing up the RHN Satellite, Backing Up the Satellite
- block sizes, Database Requirements
C
- channel
- definition, Terms to Understand
- channel content
- import process, Preparing Channel Content ISOs
- channel content ISOs
- preparing, Preparing Channel Content ISOs
- channel package
- default location
- /var/satellite/ , Base Install
- chkconfig , Additional Requirements
- cloning satellite, Cloning the Satellite with Embedded DB
- Configuration Administrator
- definition, Terms to Understand
D
- database requirements
- Oracle access level, Database Requirements
- database RPMs
- default location
- /opt/ , Base Install
- db-control
- options, DB Control Options
- db-control use, Using RHN DB Control
- disable services
- ntsysv
- chkconfig , Additional Requirements
E
- embedded database
- default location
- /rhnsat/ , Base Install
- enabling push to clients, Enabling Push to Clients
- entitlement certificate, Additional Requirements, RHN Satellite Installation Program
- uploading, Uploading the RHN Entitlement Certificate
F
- firewall rules
- requirements, Additional Requirements
G
- GPG keys, RHN Satellite Installation Program
H
- how it works, How it Works
- httpd , Additional Requirements
I
- import
- channel content
- process, Preparing Channel Content ISOs
- importing
- satellite data, Importing and Synchronizing
- importing data
- placing Errata in repository, Running the Import
- populating the channel, Running the Import
- running the import, Running the Import
- installation
- base, Base Install
- MySQL, MySQL Installation
- of RHN Satellite, RHN Satellite Installation Program
- sendmail, Sendmail Configuration
- Installation
- automated, Automated RHN Satellite Server Installation
- installation task list, Summary of Steps
M
- maintenance, Maintenance
- mysql-server , MySQL Installation
N
- Network Time Protocol, Additional Requirements
- ntp, Additional Requirements
- ntsysv , Additional Requirements
O
- operating system
- supported, Software Requirements
- Oracle 10g, How it Works
- Organization Administrator
- definition, Terms to Understand
- osa-dispatcher , Enabling Push to Clients
- osad , Enabling Push to Clients
P
- PAM authentication
- implementation, Implementing PAM Authentication
- port 443, Additional Requirements
- port 4545, Additional Requirements
- port 5222, Additional Requirements
- port 5269, Additional Requirements
- port 80, Additional Requirements
R
- Red Hat Network
- introduction, Red Hat Network
- Red Hat Update Agent
- definition, Terms to Understand
- redundant satellite, Establishing Redundant Satellites with Stand-Alone DB
- requirements, Requirements
- additional, Additional Requirements
- database, Database Requirements
- DNS, Additional Requirements
- entitlement certificate, Additional Requirements
- firewall rules, Additional Requirements
- FQDN, Additional Requirements
- hardware, Hardware Requirements
- jabberd, Additional Requirements
- ntp, Additional Requirements
- software, Software Requirements
- TCP Ports, Additional Requirements
- RHN
- components, How it Works
- RHN DB Control
- backup, Backing up the Database
- options, DB Control Options
- restore, Restoring the Database
- verify, Verifying the Backup
- RHN Entitlement Certificate
- options, Command Line Entitlement Options
- RHN Entitlement Certificates, Entitlements
- receiving, Receiving the Certificate
- RHN Satellite Activate, Managing the RHN Certificate with RHN Satellite Activate
- RHN Satellite Exporter, Exporting with RHN Satellite Exporter
- RHN Satellite Server entitlement, RHN Satellite Installation Program
- RHN Satellite Synchronization Tool, Importing with RHN Satellite Synchronization Tool
- options, satellite-sync
- rhn-satellite, Managing the Satellite with rhn-satellite
- rhn-satellite-activate, Managing the RHN Certificate with RHN Satellite Activate
- activating, Activating the Satellite
- options, Command Line Entitlement Options
- rhn-satellite-exporter, rhn-satellite-exporter
- export, Exporting
- options, rhn-satellite-exporter
- rhn.conf
- sample file, Sample RHN Satellite Configuration File
- rogerthat01@{mail domain}, Sendmail Configuration
S
- Satellite configuration
- search, Configuring Satellite Search
- Satellite Installation Program
- Satellite Ports, Additional Requirements
- satellite redundancy, Establishing Redundant Satellites with Stand-Alone DB
- satellite-sync, Running the Import, Synchronizing Errata and Packages Directly via RHN
- --step=channel-families, Running the Import
- --step=channels, Running the Import
- --step=rpms, Running the Import
- cron job, Automating Synchronization
- search, Configuring Satellite Search
- sendmail, Additional Requirements
- spacewalk-backend-tools, Managing the RHN Certificate with RHN Satellite Activate, Running the Import
- summary of steps, Summary of Steps
- synchronizing
- keeping channel data in sync, Synchronizing
- satellite data, Importing and Synchronizing
T
- terms to understand, Terms to Understand
- tool use, Conducting Satellite-Specific Tasks
- topologies, Example Topologies
- multiple satellites horizontally tiered, Multiple Satellite Horizontally Tiered Topology
- satellite and proxies vertically tiered, Satellite-Proxy Vertically Tiered Topology
- single satellite, Single Satellite Topology
- traceback, Terms to Understand
- definition, Terms to Understand
- troubleshooting, Troubleshooting
- full disk space, Troubleshooting
U
- updating the RHN Satellite, Updating the Satellite