3.2. Red Hat Satellite Proxy Server Installation Process

The following instructions describe the Satellite Proxy installation process:

Procedure 3.1. Configuring the Base System

  1. Log in as the root user on the intended Satellite Proxy system.
  2. Use the rhn_register command to register the newly-installed Red Hat Enterprise Linux system with either Red Hat Network or Red Hat Satellite Server, using the organizational account containing the Satellite Proxy entitlement.
  3. Subscribe the client to the Red Hat Network Tools channel.
  4. Install the Satellite Proxy installation package. This package contains the main script that leads you through the actual Satellite Proxy installation. 
    # yum install spacewalk-proxy-installer
Installing the Red Hat Satellite Proxy Server

The command-line installation program guides you through the actual Satellite Proxy installation process. This program presents a series of prompts regarding Satellite Proxy installation and initial configuration details, such as installation options and SSL certificate generation. You need root access to the server to perform this step.

Important

Before you running the installation script, the Satellite Proxy requires SSL files from your Satellite Server. Create the /root/ssl-build directory: 
# mkdir /root/ssl-build
Then copy the public certificate and CA certificate from the desired Red Hat Satellite to the new directory: 
# scp 'root@www.satellite.com:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}' /root/ssl-build
Alternatively, append the --force-own-ca option when you run the installation script.
Run the following installation script to install Red Hat Satellite Proxy Server: 
# configure-proxy.sh

Note

You can press Enter at any prompt to use the default response enclosed in brackets. Alternatively, use the --non-interactive option with the installation script if you want to use default answers without any user interaction.
Gathering Satellite Proxy Server Installation Information

The installation script requests details about the Satellite Proxy installation specific to the machine where you are performing the installation.

Satellite Proxy version to activate [5.6]:
Request for confirmation of the version of Satellite Proxy to install.
Red Hat Network Parent [satserver.example.com]:
The Satellite Server domain name or address of the system that serves content to the Satellite Proxy.
Traceback email []:
A comma-separated list of email addresses to which error-related traceback messages are sent, usually the email of the Satellite Proxy administrator.
Configuring SSL and Satellite Proxy Details

The installation script also requests information necessary for generating an SSL certificate, and for configuring an HTTP proxy if required. Red Hat recommends using SSL to secure traffic to and from the Satellite Proxy Server.

Use SSL [Y/n]:
Press Enter or type y to configure the Satellite Proxy to use SSL.
CA Chain [/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT]:
Press Enter to use the default path for the Certificate Authority (CA) Chain.
If the Satellite Proxy is communicating with Red Hat Satellite, then this value is usually /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT. Otherwise, custom SSL certificates must be located in the /usr/share/rhn/ directory.
HTTP Proxy []:
If the Satellite Proxy server connects through an HTTP proxy, enter the proxy host name and port number, for example, corporate.proxy.example.com:3128
Enter the details necessary to generate a valid SSL server certificate. Example 3.1, “Example Generation of an SSL Certificate” demonstrates generating such a certificate.

Example 3.1. Example Generation of an SSL Certificate

Regardless of whether you enabled SSL for the connection to the Satellite Proxy Parent
Server, you will be prompted to generate an SSL certificate.
This SSL certificate will allow client systems to connect to this Spacewalk Proxy
securely. See the Spacewalk Proxy Installation Guide for more information.
Organization: Example Company
Organization Unit [proxy1.example.com]:
Common Name: proxy1.example.com
City: New York
State: New York
Country code: US
Email [admin@example.com]:
Performing Post-installation Tasks

After the main Satellite Proxy installation tasks have been completed, the installation program performs a number of additional tasks, such as prompting for installation of monitoring support, creating configuration channels, and restarting modified daemons.

You do not have monitoring installed. Do you want to install it? Will run 'yum install spacewalk-proxy-monitoring'. [Y/n]:
Confirm whether or not you want to install Monitoring support on the Satellite Proxy server.
Configure SSL
The configure-proxy.sh program configures SSL, and prompts you to create a Certificate Authority password and confirm it before generating the SSL keys and the public certificate. Example 3.2, “Example Generation of CA Key and Public Certificate” demonstrates generating a CA key and public certificate.

Example 3.2. Example Generation of CA Key and Public Certificate

Generating CA key and public certificate:
CA password:
CA password confirmation:
Copying CA public certificate to /var/www/html/pub for distribution to clients:
Generating SSL key and public certificate:
CA password:
Backup made: 'rhn-ca-openssl.cnf' --> 'rhn-ca-openssl.cnf.1'
Rotated: rhn-ca-openssl.cnf --> rhn-ca-openssl.cnf.1
Installing SSL certificate for Apache and Jabberd:
Preparing packages for installation...
rhn-org-httpd-ssl-key-pair-proxy1.example-1.0-1
Create Configuration Channel
The installation program also requests confirmation that you want to create a configuration channel based on the configuration files created while running configure-proxy.sh.
The installation program creates a Satellite Server configuration channel based on the name of the system (the sysID) where the Satellite Proxy is installed (in the following example, the sysID is 1000010000), and collects the various httpd, SSL, squid, and jabberd server files that will comprise the configuration channel for the Satellite Proxy server.
An example of this configuration is shown in Example 3.3, “Example of Creating a Configuration Channel”.

Example 3.3. Example of Creating a Configuration Channel

Create and populate configuration channel rhn_proxy_config_1000010000? [Y]:
Using server name satserver.example.com
Red Hat Network username: admin
Password:
Creating config channel rhn_proxy_config_1000010000
Config channel rhn_proxy_config_1000010000 created
using server name satserver.example.com
Pushing to channel rhn_proxy_config_1000010000:
Local file /etc/httpd/conf.d/ssl.conf -> remote file /etc/httpd/conf.d/ssl.conf
Local file /etc/rhn/rhn.conf -> remote file /etc/rhn/rhn.conf
Local file /etc/rhn/cluster.ini -> remote file /etc/rhn/cluster.ini
Local file /etc/squid/squid.conf -> remote file /etc/squid/squid.conf
Local file /etc/httpd/conf.d/cobbler-proxy.conf -> remote file /etc/httpd/conf.d/cobbler-proxy.conf
Local file /etc/httpd/conf.d/rhn_proxy.conf -> remote file /etc/httpd/conf.d/rhn_proxy.conf
Local file /etc/httpd/conf.d/rhn_broker.conf -> remote file /etc/httpd/conf.d/rhn_broker.conf
Local file /etc/httpd/conf.d/rhn_redirect.conf -> remote file /etc/httpd/conf.d/rhn_redirect.conf
Local file /etc/jabberd/c2s.xml -> remote file /etc/jabberd/c2s.xml
Local file /etc/jabberd/sm.xml -> remote file /etc/jabberd/sm.xml
Restart services
The final step of the installation process is to restart all of the Satellite Proxy-related services. The installation program exits when this step is completed.