5.4.3. Configuring Servers for Enhanced Entitlements Reporting

The Satellite 5 server requires some configuration to allow successful communication with Subscription Asset Manager. The following procedure provides the necessary steps for configuration.

Procedure 5.2. To Configure Servers for Enhanced Entitlements Reporting

  1. Access the terminal on your SAM server using root permissions.
  2. Generate an SSH key pair on the SAM server: 
    [root@sam13] # su - splice -s /bin/sh -c 'ssh-keygen -t rsa -f /var/lib/splice/id_rsa-sat -N ""'
    Make a note of the content of the public key file: 
    [root@sam13] # cat /var/lib/splice/id_rsa-sat.pub
  3. Access the terminal on your Satellite 5 server using root permissions.
  4. Create a new swreport user on the Satellite 5 machine and provide the user with a .ssh directory. 
    [root@sat56] # useradd swreport
[root@sat56] # mkdir /home/swreport/.ssh
  5. Append the /home/swreport/.ssh/authorized_keys file with the contents of the /var/lib/splice/id_rsa-sat.pub file on your chosen Subscription Management Application.
  6. Prepend the SAM public key content in /home/swreport/.ssh/authorized_keys with the following: 
    command="/usr/bin/spacewalk-report $SSH_ORIGINAL_COMMAND"
    This ensures the swreport user only uses the spacewalk-report command.
  7. Set permissions and the SELinux content on the .ssh directory and authorized_keys file for the swreport user. 
    [root@sat56] # chown -R swreport:swreport /home/swreport/.ssh
[root@sat56] # chmod 700 /home/swreport/.ssh
[root@sat56] # chmod 600 /home/swreport/.ssh/authorized_keys
[root@sat56] # restorecon -R /home/swreport/.ssh
  8. The swreport user requires permissions to read rhn.conf and connect to the database. Add this user to the apache group. 
    [root@sat56] # gpasswd -a swreport apache
  9. Test your connection. Switch to the Subscription Asset Manager server and run the following command: 
    [root@sam13] # su - splice -s /bin/bash
[splice@sam13] # ssh -i /var/lib/splice/id_rsa-sat swreport@sat56-hostname splice-export
    Substitute sat56-hostname for the hostname of the Subscription Asset Manager server.

    Important

    This command is required to accept the Satelite 5 server's fingerprint.
  10. Edit the /etc/splice/checkin.conf on the Subscription Asset Manager server. 
    [root@sam13] # vi /etc/splice/checkin.conf
  11. Edit the following sections: 
    [spacewalk]
host=hostname
ssh_key_path=/var/lib/splice/id_rsa-sat
login=swreport

[katello]
hostname=localhost
port=443
proto=https
api_url=/sam
admin_user=admin
admin_pass=password
    Substitute hostname for the hostname of the Satellite 5 server and password for your SAM administration password. Enter the location of the SAM SSH key for the ssh_key_path parameter. Save your changes.
  12. Run spacewalk-splice-checkin tool as the splice user to generate organizations from the Satellite 5 server. 
    [root@sam13] # su - splice -s /bin/bash
[splice@sam13] $ spacewalk-splice-checkin
The spacewalk-splice-checkin tool also runs as a cronjob on the Subscription Asset Manager server. It reads system and channel data from the Satellite 5 server's spacewalk-report tool and pushes the data into the SAM database. Subscription Asset Manager then provides reports to display entitlement consumption for the current state of the systems in Satellite 5 along with historical data.
Before viewing this data, the SAM server requires a subscription manifest that corresponds to the entitlements on your Satellite 5 server.