Proxy Installation Guide
Red Hat Network Satellite
Chapter 1. Introduction
1.1. Red Hat Network
- Scalability — with Red Hat Network, a single system administrator can set up and maintain hundreds or thousands of Red Hat systems more easily, accurately, and quickly than they could maintain a single system without Red Hat Network.
- Standard Protocols — standard protocols are used to maintain security and increase capability. For example, XML-RPC gives Red Hat Network the ability to do much more than merely download files.
- Security — all communication between registered systems and Red Hat Network takes place over secure Internet connections.
- View Errata Alerts — easily view Errata Alerts for all your client systems through one website.
- Scheduled Actions — use the website to schedule actions, including Errata Updates, package installs, and software profile updates.
- Simplification — maintaining Red Hat systems becomes a simple, automated process.
1.2. Frequently Used Terminologies
- A channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
- Organization Administrator
- An Organization Administrator is a user role with the highest level of control over an organization's Red Hat Network account. Members with this role can add other users, other systems, and system groups to the organization, as well as remove them. A Red Hat Network organization is required to have at least one Organization Administrator.
- Channel Administrator
- A Channel Administrator is a user role with full access to channel management capabilities. Users with this role are capable of creating channels and assigning packages to channels. This role can be assigned by an Organization Administrator through the Users tab of the RHN website.
- Red Hat Update Agent
- The Red Hat Update Agent is the Red Hat Network client application (yum) that allows users to retrieve and install new or updated packages for the client system on which the application is run.
- A traceback is a detailed description of "what went wrong" that is useful for troubleshooting the RHN Proxy Server. Tracebacks are automatically generated when a critical error occurs and are emailed to the individual(s) designated in the RHN Proxy Server's configuration file.
1.3. RHN Proxy Server
- Scalability — there can be multiple local RHN Proxy Servers within one organization.
- Security — an end-to-end secure connection is maintained: from the client systems, to the local RHN Proxy Server, to the Red Hat Network servers.
- Saves time — packages are delivered significantly faster over a local area network than the Internet.
- Saves bandwidth — packages are downloaded from RHN only once (per local Proxy Server's caching mechanism) instead of downloading each package to each client system.
- Customized updates — create a truly automated package delivery system for custom software packages, as well as official Red Hat packages required for the client systems. Custom private RHN channels allow an organization to automate delivery of in-house packages.
- Customized configuration — restrict or grant updates to specific architectures and OS versions.
- Only one Internet connection required — Because clients connect only to the RHN Proxy Server and not the Internet, they require only a Local Area Network connection to the Proxy. Only the RHN Proxy Server needs an Internet connection to contact the RHN Servers, unless the RHN Proxy Server is using a RHN Satellite Server, in which case only the RHN Satellite Server requires an Internet connection.
1.4. How Proxy Works
- The client performs a login action at the beginning of a client session. This login is passed through one or more RHN Proxy Servers until it reaches a Red Hat Network Server.
- The Red Hat Network Server attempts to authenticate the client. If authentication is successful, the server then passes back a session token via the chain of RHN Proxy Servers. This token, which has a signature and expiration, contains user information, including channel subscriptions, username, etc.
- Each RHN Proxy Server caches this token on its local file system in /var/cache/rhn/. Caching reduces some of the overhead of authenticating with Red Hat Network Servers and greatly improves the performance of Red Hat Network.
- This session token is passed back to the client machine and is used in subsequent actions on Red Hat Network.
Chapter 2. Requirements
2.1. Software Requirements
- Base operating system — RHN Proxy Server is supported with Red Hat Enterprise Linux 5 and 6. The operating system can be installed from disc, local ISO image, kickstart, or any of the methods supported by Red Hat.
RHN Proxy Server can be installed on Red Hat Enterprise Linux 5 and 6 in any virtualized environment supported by Red Hat, including Xen, KVM, and VMware.
Note that for production deployments, it is recommended to deploy RHN Proxy Server as the sole application running on the underlying physical hardware to avoid contention issues. Also, be aware that functional support for virtualized environments does not always equal the performance of running on physical hardware, so carefully consider the virtualized environment of choice and any tuning guidelines recommended.
Note: Each purchased RHN Proxy product includes one supported instance of Red Hat Enterprise Linux Server. RHN Proxy must be installed onto a fresh installation of Enterprise Linux where RHN Proxy is the only application and service provided by the OS. Using the Red Hat Enterprise Linux OS included in RHN Proxy to run other daemons, applications, or services within the environment is not supported.
Each version of Red Hat Enterprise Linux requires a certain package set to support RHN Proxy Server. Adding more packages can cause errors during installation. Therefore, Red Hat recommends obtaining the desired package set in the following ways:
Note: For kickstarting, specify the following package group:
@Base
For installing Red Hat Enterprise Linux via CD or ISO image, select the following package group:
- An available RHN Proxy Server entitlement within the RHN Satellite Server account.
- An available Provisioning entitlement within the RHN Satellite Server account (which should come packaged with the RHN Proxy Server entitlement).
- Access to the Red Hat Network Tools channel for the installed version of Red Hat Enterprise Linux. This channel includes the spacewalk-proxy-installer package that contains the configure-proxy.sh installation program required to install RHN Proxy Server.
- rhncfg* packages installed on the Proxy (from the RHN Tools channel).
- Either the spacewalk-certs-tools package installed on the Proxy (from the RHN Tools channel) for RHN Hosted users, or the secure sockets layer (SSL) CA certificate password used to generate the parent server certificate for RHN Satellite Server users.
- Configuration of the system to accept remote commands and configuration management through Red Hat Network if using the deprecated Web UI installation method. Refer to Section 4.2, “RHN Proxy Server Installation Process” for instructions.
2.2. Hardware Requirements
- A Pentium IV Processor or equivalent
- 512 MB of memory
- At least 5 GB storage for base install of Red Hat Enterprise Linux
- 6 GB storage per distribution/channel
/etc/sysconfig/rhn/rhnsd configuration file of the client systems is reduced, the load on this component increases significantly.
2.3. Disk Space Requirements
/var/spool/squid. The required free space allotment is 6 GB storage per distribution/channel.
/var mount point on the system storing local packages has sufficient disk space to hold all of the custom packages, which are stored in /var/spool/rhn-proxy. The required disk space for local packages depends on the number of custom packages served.
2.4. Additional Requirements
- Full Access
- Client systems need full network access to the RHN Proxy Server services and ports.
- Firewall Rules
- RHN strongly recommends firewalling the RHN Proxy Server solution from the Internet. However, various TCP ports must be opened on the Proxy, depending on your implementation of RHN Proxy Server:
Table 2.1. Ports to open on the Proxy
|Port||Direction||Reason|
|80||Outbound||Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and your Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server).|
|80||Inbound||Client requests come in via either http or https|
|443||Inbound||Client requests come in via either http or https|
|443||Outbound||Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com, and the Satellite URL (depending on whether RHN Proxy is talking to either RHN Hosted or a Satellite Server).|
|4545||Outbound||If your Proxy is connected to an RHN Satellite Server, Monitoring makes connections to rhnmd running on client systems via this TCP port, if Monitoring is enabled and probes configured to registered systems.|
|5222||Inbound||Opening this port allows osad client connections to the jabberd daemon on the Proxy when using RHN Push technology.|
|5269||Outbound||If the Proxy is connected to an RHN Satellite Server, this port must be open to allow server-to-server connections via jabberd for RHN Push Technology.|
- Synchronized System Times
- There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are reasonably close together so that the SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
- Fully Qualified Domain Name (FQDN)
- The system upon which the RHN Proxy Server will be installed must resolve its own FQDN properly.
- A Red Hat Network Account
- Customers who will be connecting to the central Red Hat Network Servers to receive incremental updates must have a Red Hat Network account. The sales representative assists with the setup of this account at the time of purchase.
- Backups of Login Information
- It is imperative that customers keep track of all primary login information. For RHN Proxy Server, this includes usernames and passwords for the Organization Administrator account and SSL certificate generation. Red Hat strongly recommends this information be copied onto two separate back-up disks (CD/DVD/removable hard drives), printed out on paper, and stored in a safe place.
- Distribution Locations
- Since the Proxy forwards virtually all local HTTP requests to the central RHN Servers, take care in putting files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstarts.
chkconfig to disable services.
- The RHN Proxy Server Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Proxy Server up and running.
- The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
- The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
- The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.
Chapter 3. Example Topologies
- The total number of client systems to be served by the RHN Proxy Server
- The maximum number of clients expected to connect concurrently to the RHN Proxy Server.
- The number of custom packages and channels to be served by the RHN Proxy Server.
- The number of RHN Proxy Servers being used in the customer environment.
3.1. Single Proxy Topology
Figure 3.1. Single Proxy Topology
3.2. Multiple Proxy Horizontally Tiered Topology
- The rsync file transfer program can be used to synchronize packages between the Proxies
- A Network File System (NFS) share can be established between the Proxies and the custom channel repository.
Figure 3.2. Multiple Proxy Horizontally Tiered Topology
3.3. Multiple Proxy Vertically Tiered Topology
up2date functionality inherent with the product.
Figure 3.3. Multiple Proxy Vertically Tiered Topology
3.4. Proxies with RHN Satellite Server
Chapter 4. Installation
4.1. Base Install
- Allocate sufficient space to the partition that will be used to store packages, according to the hardware requirements set forth earlier. The default location for cached Red Hat packages is /var/spool/squid, while custom packages are located in
Note: The installation program automatically calculates the available space on the partition where /var/spool/squid is mounted and allocates up to 60 percent of the free space for RHN Proxy Server use.
- Install the packages required by RHN Proxy Server.
Note: Install only the base packages, as others will cause the RHN Proxy Server installation to fail. Refer to Section 2.1, “Software Requirements” for the method to obtain the correct package group needed for each version of Red Hat Enterprise Linux.
- Enable Network Time Protocol (NTP) on the Proxy and select the appropriate time zone. All client systems should already be running the ntpd daemon and be set to the correct time zone.
- Disable the iptables services after installation.
4.2. RHN Proxy Server Installation Process
- Log in as the root user on the intended RHN Proxy Server system.
- Register the newly-installed Red Hat Enterprise Linux system with Red Hat Network (either the central RHN Servers or on the RHN Satellite Server) using the organizational account containing the RHN Proxy Server entitlement with the command:
- Subscribe the client to the RHN Tools channel.
- Install the proxy installer:
yum install spacewalk-proxy-installer
- Perform the installation:
Note: In order to perform this step successfully, root access to the Satellite server is required. Alternatively, add the --force-own-ca option to the command.
The command-line installation program leads users through a series of prompts regarding RHN Proxy Server installation and initial configuration details such as installation options and SSL certificate generation. The following instructions describe the installation process:
Note: If you press Enter at a prompt instead of typing in an entry, the RHN Proxy Server command-line installation program uses the default response enclosed in brackets.
Alternatively, if you want to use default answers without any user interaction, use the --non-interactive option, which will use all default responses.
- The first series of prompts are site-specific details about the installation.
Proxy version to activate [5.4]:
The Proxy version prompts for confirmation on the version of RHN Proxy Server to install.
RHN Parent [satserver.example.com]:
The RHN Parent is the domain name or address of the system that serves the Proxy, which could be the RHN Hosted servers (xmlrpc.rhn.redhat.com), or a Satellite server.
Traceback email :
The Traceback email is the email address to which error-related traceback messages are mailed, usually the email of the Proxy administrator. Use commas to separate more than one email address at this prompt.
- The next series of prompts are related to configuring the details for generating an SSL certificate, which is recommended to secure traffic to and from the RHN Proxy Server.
Use SSL [Y/n]: y
In the Use SSL prompt, type y to configure the RHN Proxy Server to support SSL.
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]:
In the CA Chain prompt, press Enter to use the default path for the Certificate Authority (CA) Chain. If the RHN Proxy is communicating with an RHN Satellite, this value is usually /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT. If it is communicating with RHN Hosted, it is usually the /usr/share/rhn/RHNS-CA-CERT file. Custom SSL certificates must be located in the
HTTP Proxy :
If the RHN Proxy Server connects through an HTTP proxy, enter the proxy hostname and port number, such as corporate.proxy.example.com:3128
Enter the required details necessary to generate a proper SSL server certificate, including the Organization name, the Organization Unit (such as Engineering), the Common Name (the domain name), as well as the details for City, State and Country. Finally, enter the email address for the administrator or technical contact in charge of SSL certificates.
Regardless of whether you enabled SSL for the connection to the Proxy Parent Server, you will be prompted to generate an SSL certificate. This SSL certificate will allow client systems to connect to this Spacewalk Proxy securely. Refer to the Spacewalk Proxy Installation Guide for more information.
Organization: Example Company
Organization Unit [proxy1.example.com]:
Common Name: proxy1.example.com
City: New York
State: New York
Country code: US
Email [email@example.com]:
- As a result of running the RHN Proxy Server installation program, the command-line installation program:
- Prompts for the installation of monitoring support to RHN Proxy Server.
- Allows the organization to create and populate a configuration channel for future RHN Proxy Server installations.
- Finalizes SSL configuration.
- Restarts any service daemons that had modified configurations.
You do not have monitoring installed. Do you want to install it?
Will run 'yum install spacewalk-proxy-monitoring'. [Y/n]:n
Confirm whether or not you want to install Monitoring support on the Proxy server.
Generating CA key and public certificate:
CA password:
CA password confirmation:
Copying CA public certificate to /var/www/html/pub for distribution to clients:
Generating SSL key and public certificate:
CA password:
Backup made: 'rhn-ca-openssl.cnf' --> 'rhn-ca-openssl.cnf.1'
Rotated: rhn-ca-openssl.cnf --> rhn-ca-openssl.cnf.1
Installing SSL certificate for Apache and Jabberd:
Preparing packages for installation...
rhn-org-httpd-ssl-key-pair-proxy1.example-1.0-1
The configure-proxy.sh program then configures SSL, prompting you to create a Certificate Authority password and confirm it before generating the SSL keys and the public certificate.
Create and populate configuration channel rhn_proxy_config_1000010000? [Y]:
Using server name satserver.example.com
Red Hat Network username: admin
Password:
Creating config channel rhn_proxy_config_1000010000
Config channel rhn_proxy_config_1000010000 created
using server name satserver.example.com
Pushing to channel rhn_proxy_config_1000010000:
Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf
Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf
Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini
Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf
Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf
Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/rhn_proxy.conf
Local file /etc/httpd/conf.d/rhn_broker.conf -> remote file /etc/httpd/conf.d/rhn_broker.conf
Local file /etc/httpd/conf.d/rhn_redirect.conf -> remote file /etc/httpd/conf.d/rhn_redirect.conf
Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml
Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml
The installer then asks whether or not you wish to create a configuration channel based on the configuration files created while running configure-proxy.sh. The installer will then create a RHN Satellite Server configuration channel based on the name of the client system upon which RHN Proxy Server is installed (in the example above the sysID is 1000010000), and collects the various jabberd server files that will comprise the configuration channel for the Proxy server.
- Finally, the installer starts and restarts all RHN Proxy Server related services and exits when completed.
Enabling Satellite Proxy
Shutting down rhn-proxy...
Shutting down Jabber router: [ OK ]
Stopping httpd: [ OK ]
Stopping squid: [ OK ]
Done.
Starting rhn-proxy...
init_cache_dir /var/spool/squid... Starting squid: . [ OK ]
Starting httpd: [ OK ]
Starting Jabber services [ OK ]
Done.
4.2.1. The Answer File
configure-proxy.sh program allows administrators to create answer files that contain pre-filled responses to prompts in the installation program.
configure-proxy.sh manual page by typing man configure-proxy.sh at a shell prompt.
# example of answer file for configure-proxy.sh
# for full list of possible option see
# man configure-proxy.sh
VERSION=5.4
RHN_PARENT=rhn-satellite.example.com
TRACEBACK_EMAIL=firstname.lastname@example.org
USE_SSL=1
SSL_ORG="Red Hat"
SSL_ORGUNIT="Spacewalk"
SSL_CITY=Raleigh
SSL_STATE=NC
SSL_COUNTRY=US
INSTALL_MONITORING=N
ENABLE_SCOUT=N
CA_CHAIN=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
POPULATE_CONFIG_CHANNEL=Y
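An added example, not part of the original guide or of configure-proxy.sh: a pre-flight audit of an answer file before an unattended installation. It reads the file as text without sourcing it and flags lines with no "=", a disabled USE_SSL, a URL in RHN_PARENT, a missing TRACEBACK_EMAIL, and an HTTP proxy value that is not in hostname:port form. The HTTP_PROXY key name, the CHECK_FILES switch and the function names are assumptions; the other keys are the ones shown in the answer file above.

```shell
#!/bin/sh
# Added example (not from the guide): audit a configure-proxy.sh answer file.
# The file is parsed as text and never sourced, so nothing in it is executed.

# audit_answer_file FILE: one finding per line; status 0 = clean, 1 = findings.
audit_answer_file() (
    file=$1
    n=0
    use_ssl='' ca_chain='' parent='' email='' http_proxy=''
    finding() { printf '%s\n' "$1"; n=$((n + 1)); }

    [ -r "$file" ] || { printf 'UNREADABLE: %s\n' "$file"; exit 1; }
    # The installer runs as root, so its input must not be writable by everyone.
    [ -z "$(find "$file" -prune -perm -0002)" ] ||
        finding "PERMS: $file is world-writable"

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '' | '#'*) continue ;;
            *=*) ;;
            *) finding "MALFORMED: no '=' in line: $line"; continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        val=${val#\"}; val=${val%\"}          # drop one pair of double quotes
        case $key in
            USE_SSL) use_ssl=$val ;;
            CA_CHAIN) ca_chain=$val ;;
            RHN_PARENT) parent=$val ;;
            TRACEBACK_EMAIL) email=$val ;;
            HTTP_PROXY) http_proxy=$val ;;    # key name is an assumption
        esac
    done < "$file"

    # An unset USE_SSL falls back to the prompt default shown in the guide (Y).
    case ${use_ssl:-1} in
        1 | Y | y) ssl_on=1 ;;
        *) ssl_on=0
           finding "USE_SSL: '$use_ssl' turns off SSL to the parent server" ;;
    esac

    if [ "$ssl_on" = 1 ] && [ -n "$ca_chain" ]; then
        case $ca_chain in
            /*) # Optional on-host check, enabled with CHECK_FILES=1 (assumed switch).
                if [ "${CHECK_FILES:-0}" = 1 ] && [ ! -r "$ca_chain" ]; then
                    finding "CA_CHAIN: $ca_chain is not readable on this host"
                fi ;;
            *) finding "CA_CHAIN: '$ca_chain' is not an absolute path" ;;
        esac
    fi

    # Pin the parent explicitly for unattended runs; it is a host, not a URL.
    case $parent in
        '') finding "RHN_PARENT: not set" ;;
        *://* | */*) finding "RHN_PARENT: '$parent' must be a host name or address, not a URL" ;;
    esac

    case $email in
        *@*) ;;
        *) finding "TRACEBACK_EMAIL: no valid address set" ;;
    esac

    # The guide requires hostname:port with no protocol prefix.
    if [ -n "$http_proxy" ]; then
        port=${http_proxy##*:}
        case $http_proxy in
            *://*) finding "HTTP_PROXY: '$http_proxy' must be hostname:port without a protocol" ;;
            *:*) case $port in
                     '' | *[!0-9]*) finding "HTTP_PROXY: port '$port' is not numeric" ;;
                 esac ;;
            *) finding "HTTP_PROXY: '$http_proxy' has no port" ;;
        esac
    fi

    [ "$n" -eq 0 ]
)

# Constructed sample (not from a real system) with five deliberate defects.
write_bad_sample() {
    cat > "$1" <<'EOF'
# constructed answer file with deliberate defects
VERSION=5.4
RHN_PARENT=https://rhn-satellite.example.com/
TRACEBACK_EMAIL admin@example.com
USE_SSL=0
HTTP_PROXY=http://corporate.proxy.example.com:3128
EOF
}

# Run against a real file when a path is given: sh audit.sh answers.txt
[ $# -eq 0 ] || audit_answer_file "$1"
```

Run the audit as the last step before handing the answer file to the installer, and treat any output as a reason to stop.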
answers.txt for example) with configure-proxy.sh, type the following:
Chapter 5. RHN Package Manager and Serving Local Packages
spacewalk-proxy-package-manager package and its dependencies.
*.rpm) are stored on the RHN Proxy Server.
| ||Increase verbosity.|
| ||Process packages from directory DIR.|
| ||Manage this channel — may be present multiple times.|
| ||Process this number of headers per call — the default is 32.|
| ||List each package name, version number, release number, and architecture in the specified channel(s).|
| ||Check if local directory is in sync with the server.|
| ||Print the current configuration and exit.|
| ||Exclude files matching this glob expression — can be present multiple times.|
| ||Push only the packages that are newer than packages already pushed to the server for the specified channel.|
| ||Read the package names from stdin.|
| ||Push unsigned packages. By default the RHN Package Manager attempts to push only signed packages.|
| ||Specify your RHN username. If you do not provide one with this option, you will be prompted for it.|
| ||Specify your RHN password. If you do not provide one with this option, you will be prompted for it.|
| ||Upload source package headers.|
| ||In the post-upload step, do not copy the packages to their final location in the package tree.|
| ||Only print the packages to be pushed.|
| ||Not recommended — Turn off SSL.|
| ||Briefly describe the options.|
| || Copies the file listed in the argument into the specified channel. Useful when a channel on the proxy is missing a package and you don't want to reimport all of the packages in the channel. E.g., |
| ||Display the help screen with a list of options.|
- Create a private channel.
- Upload the local packages into the channel.
5.1. Creating a Private Channel
- Log in to the RHN Web interface at https://rhn.redhat.com.
- Click Channels on the top navigation bar. If the Manage Channels option is not present in the left navigation bar, ensure that this user has channel editing permissions set. Do this through the Users category accessible through the top navigation bar.
- In the left navigation bar, click Manage Software Channels and then the button at the top-right corner of the page.
- Select a parent channel and base channel architecture, then enter a name, label, summary, and description for the new private channel. The channel label must: be at least six characters long, begin with a letter, and contain only lowercase letters, digits, dashes (-), and periods (.). Also enter the URL of the channel's GPG key. Although this field is not required, it is recommended to enhance security. For instructions on generating GPG keys, refer to the RHN Channel Management Guide.
5.2. Uploading Packages
rhn_package_manager -c "label_of_private_channel" pkg-list
pkg-list is the list of packages to be uploaded. Alternatively, use the -d option to specify the local directory that contains the packages to add to the channel. Ensure that the directory contains only the packages to be included and no other files. RHN Package Manager can also read the list of packages from standard input (using
rhn_package_manager -c "label_of_private_channel" --source pkg-list
--channel), the uploaded package headers will be linked to all the channels listed.
rhn_package_manager -s -c "label_of_private_channel"
-s option will list all the missing packages (packages uploaded to the RHN Server not present in the local directory). You must be an Organization Administrator to use this command. The script will prompt you for your RHN username and password.
Chapter 6. Upgrade Installation
- Red Hat Enterprise Linux 5 (32-bit or 64-bit) or Red Hat Enterprise Linux 6 (64-bit only).
- The deletion of the old Proxy Server's system profile from Red Hat Network Classic or the parent Satellite Server (if applicable).
6.2. Upgrade Installation Process
- Back up your Proxy Server. If applicable, restore the SSL build directory from the backup to the directory
- Register the Proxy Server to either Red Hat Network Classic or the parent Satellite Server (if applicable). Make sure that the Proxy Server is subscribed to both the Red Hat Enterprise Linux Server base channel and the Red Hat Network Tools child channel.
- Install the spacewalk-proxy-installer package from the Red Hat Network Tools child channel:
# yum install spacewalk-proxy-installer
- Install the latest version of Proxy, as documented in Section 4.2, “RHN Proxy Server Installation Process”.
Note: If the Proxy server is registered to Red Hat Network Classic and the Proxy Server previously managed custom channels, you will need to restore the custom package repository from the pre-upgrade backup. The permissions and ownership will also need to be set up properly.
# chmod 0750 /var/spool/rhn-proxy
# chown apache:apache /var/spool/rhn-proxy
# mkdir -m 0750 -p /var/spool/rhn-proxy/list
# chown apache:apache /var/spool/rhn-proxy/list
The default custom package repository is usually
- After the installation, update the server to the latest errata updates:
# yum update
- Restart the RHN Proxy Server services and test the RHN Proxy Server's functionality:
# /usr/sbin/rhn-proxy restart
Chapter 7. Troubleshooting
7.1. Managing the Proxy Service
rhn-proxy, that allows administrators to stop, start, restart, or retrieve status on the Proxy.
Table 7.1. rhn-proxy commands
| ||This command will start the RHN Proxy Server if it isn't already started.|
| ||This command will stop the RHN Proxy Server if it isn't already stopped.|
| ||This command will stop the currently running RHN Proxy Server and restart it. If the RHN Proxy Server is stopped, it will simply start it.|
| ||This command will display the RHN Proxy Server's current status.|
7.2. Log Files
Table 7.2. Log Files
|Component||Log File Location|
|Apache Web server|| |
|RHN Proxy Broker Server|| |
|RHN SSL Redirect Server|| |
|Red Hat Update Agent|| |
7.3. Questions and Answers
- Q: After configuring the RHN Package Manager how can I determine if the local packages were successfully added to the private RHN channel?
- Q: I've changed the DNS name setting of my Proxy Server, and now my client systems can't update. How can I fix this?
- Q: How can I determine whether the clients are connecting to the Squid server?
- Q: The Red Hat Update Agent on the client systems does not connect through the RHN Proxy Server. How can I resolve this error?
- Q: My RHN Proxy Server configuration does not work. Where do I begin troubleshooting it?
rhn_package_manager -l -c "name_of_private_channel" to list the private channel packages known to the RHN Servers. Or visit the RHN Web interface.
up2date -l --showall on the registered system and look for the packages from the private RHN channel.
up2date -u command on the client system for the name change to take effect.
/var/log/squid/access.log file logs all connections to the Squid server.
yum update yum as root or from http://www.redhat.com/support/errata/.
/etc/sysconfig/rhn/systemid is owned by root.apache with the permissions 0640.
7.4. General Problems
tail all log files and then run up2date --list. You should then examine all new log entries for potential clues.
service httpd status
service squid status
7.5. Host Not Found/Could Not Determine FQDN
/etc/hosts file. Confirm this by examining the /etc/nsswitch.conf file, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts file is checked first, followed by Network Information Service (NIS) if it is being used, followed by DNS. One of these has to succeed for the Apache Web server to start and the RHN client applications to work.
/etc/hosts file. It may look like this:
127.0.0.1 this_machine.example.com this_machine localhost.localdomain \ localhost
127.0.0.1 localhost.localdomain.com localhost
127.0.0.1 localhost.localdomain.com localhost
188.8.131.52 this_machine.example.com this_machine
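An added example, not part of the original guide: a check for whether /etc/hosts maps the Proxy's FQDN to a loopback address, as in the first sample above, or to the machine's own address, as in the last one, together with a reader for the lookup order in /etc/nsswitch.conf. The function names and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check how /etc/hosts resolves the
# Proxy's FQDN and in which order nsswitch.conf consults its sources.

# hosts_lookup FILE NAME: print the address on the first line that lists NAME.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                       # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }' "$1"
}

# check_proxy_fqdn FILE FQDN
#   status 0: FQDN maps to a non-loopback address
#   status 1: FQDN maps to loopback, so clients are given an unusable address
#   status 2: FQDN is not in the file; NIS or DNS has to answer instead
check_proxy_fqdn() (
    addr=$(hosts_lookup "$1" "$2")
    case $addr in
        '')          printf 'UNRESOLVED: %s is not in %s\n' "$2" "$1"; exit 2 ;;
        127.* | ::1) printf 'LOOPBACK: %s maps to %s\n' "$2" "$addr"; exit 1 ;;
        *)           printf 'OK: %s maps to %s\n' "$2" "$addr" ;;
    esac
)

# hosts_sources FILE: print the lookup order from the "hosts:" line of
# nsswitch.conf, for example "files nis dns".
hosts_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Constructed samples (not from a real system).
sample_hosts_bad() {
    cat <<'EOF'
# FQDN listed on the loopback line
127.0.0.1 this_machine.example.com this_machine localhost.localdomain localhost
EOF
}

sample_hosts_good() {
    cat <<'EOF'
127.0.0.1 localhost.localdomain localhost
192.0.2.10 this_machine.example.com this_machine
EOF
}

# Run against the live files when an FQDN is given: sh check.sh proxy1.example.com
if [ $# -gt 0 ]; then
    hosts_sources /etc/nsswitch.conf
    check_proxy_fqdn /etc/hosts "$1"
fi
```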
7.6. Connection Errors
- Confirm the correct package: rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm is installed on the RHN Proxy Server and the corresponding rhn-org-trusted-ssl-cert-*.noarch.rpm or raw CA SSL public (client) certificate is installed on all client systems.
- Verify the client systems are configured to use the appropriate certificate.
- If using one or more RHN Proxy Servers, ensure each Proxy's SSL certificate is prepared correctly. If using the RHN Proxy Server in conjunction with an RHN Satellite Server the Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for specific instructions.
- If the RHN Proxy Server is connecting through an HTTP Proxy, make sure the URL listed is valid. For instance, the HTTP Proxy URL field should not contain references to protocols, such as http:// or https://. Only the hostname and port should be included in the form hostname:port, such as
- Make sure client systems are not using firewalls of their own, blocking required ports, as identified in Section 2.4, “Additional Requirements”.
7.7. Caching Issues
/var/spool/squid/. To clear it:
- Stop the Apache Web server:
service httpd stop
- Stop the Squid server:
service squid stop
- Delete the contents of that directory:
rm -fv /var/cache/rhn/*
- Restart both services:
service squid start
service httpd start
rm -fv /var/cache/rhn/*
chkconfig --level 2345 rhn_auth_cache off
service rhn_auth_cache stop
/var/log/rhn/rhn_auth_cache.log) is turned off by default. If you do run the daemon and desire logging, turn it back on by adding the following line to the Proxy's
auth_cache.debug = 2
7.8. Proxy Debugging by Red Hat
sosreport. This tool collects your Proxy's configuration parameters, log files, and database information and sends it directly to Red Hat.
sos package installed. Type sosreport -o rhn as root on the Satellite server to create a report. For example:
[root@satserver ~]# sosreport -o rhn
sosreport (version 1.7)
This utility will collect some detailed information about the hardware and setup of your Red Hat Enterprise Linux system. The information is collected and an archive is packaged under /tmp, which you can send to a support representative. Red Hat will use this information for diagnostic purposes ONLY and it will be considered confidential information.
This process may take a while to complete. No changes will be made to your system.
Press ENTER to continue, or CTRL-C to quit.
/tmp/ directory to your Red Hat representative for immediate diagnosis.
Appendix A. Sample RHN Proxy Server Configuration File
/etc/rhn/rhn.conf configuration file for the RHN Proxy Server provides a means for administrators to establish key settings. Be warned, however, that errors inserted into this file may cause Proxy failures. Make configuration changes with caution.
rhn.conf for testing purposes only. Set its value to 0 to turn off SSL between the Proxy and the upstream server temporarily. Note though that this greatly compromises security. Return the setting to its default value of 1 to re-enable SSL, or simply remove the line from the configuration file.
# Automatically generated RHN Management Proxy Server configuration file.
# -------------------------------------------------------------------------
# SSL CA certificate location
proxy.ca_chain = /usr/share/rhn/RHNS-CA-CERT
# Corporate HTTP proxy, format: corp_gateway.example.com:8080
proxy.http_proxy =
# Password for that corporate HTTP proxy
proxy.http_proxy_password =
# Username for that corporate HTTP proxy
proxy.http_proxy_username =
# Location of locally built, custom packages
proxy.pkg_dir = /var/spool/rhn-proxy
# Hostname of RHN Server or RHN Satellite
proxy.rhn_parent = rhn.redhat.com
# Destination of all tracebacks, etc.
traceback_mail = email@example.com, firstname.lastname@example.org
Appendix B. Revision History
|Revision 3-5.401||Thu Aug 20 2015|
|Revision 3-5||Wed Sept 19 2012|
|Revision 3-4||Wed Jul 4 2012|
|Revision 3-0||Wed Jul 4 2012|
|Revision 2-5||Thu Jan 5 2012|
|Revision 2-4||Mon Aug 15 2011|
|Revision 2-3||Wed Jun 22 2011|
|Revision 2-2||Wed Jun 15 2011|
|Revision 2-1||Fri May 27 2011|
|Revision 2-0||Fri May 6 2011|
|Revision 1-9||Wed April 27 2011|
|Revision 1-8||Mon Feb 7 2011|