1.2. Creating and Managing Custom Channels
- Paid Service Channels - These channels are available if the organization has purchased access to them either directly or in conjunction with a particular Red Hat solution. Red Hat Enterprise Linux is an example of a paid service channel.
- Custom Channels - These channels are created by the organizational administrator to manage custom packages. These channels, also known as private channels, by default, appear only to the organization who creates them; they can never be accessed by anyone else. However, private channels can be shared across organizations by setting up Organizational Trusts and sharing the channel.
Note
1.2.1. Tools, Repositories, and Practices
- Red Hat Network Package Manager - Use this to push custom packages into custom channels on your Red Hat Satellite Proxy Server.
- Red Hat Network Push - Use this to push custom packages into custom channels on your Red Hat Satellite Server.
- Red Hat Satellite Synchronization Tool - Use this to import and synchronize standard packages from Red Hat Network Classic to the Red Hat Satellite server at your location. This is done via the Internet or CD/DVD ISO images.
Note
1.2.2. Creating a Software Channel
- Log in to the Red Hat Satellite website as a Channel Administrator.
- On the top navigation bar, click the Channels tab and then click the button on the left navigation bar.
- On the Software Channel Management page, click at the top-right corner. Red Hat Satellite Server administrators are presented with the option to . See Section 1.2.8, “Cloning Software Channels” for instructions.
- On the New Channel page, define the details of the channel following the instructions on the page. For most channel management actions, the Channel Label is used to identify the channel, so select a meaningful label. View the details of existing channels for ideas.The GPG key URL must be the location of the key on the server, as defined during the client configuration process. See the Red Hat Satellite Client Configuration Guide. The GPG key ID is the unique identifier, such as "DB42A60E", while the GPG key fingerprint is similar to "CA20 8686 2BD6 9DFC 65F6 ECC4 2191 80CD DB42 A60E". Notice that the key ID is the same as the last pair of quartets in the key fingerprint.
- When finished, clickat the bottom of the page.
1.2.3. Assigning Packages to Software Channels
- Click on the Channels tab in the top navigation bar and then Manage Software Channels on the left navigation bar.
- In the Software Channel Management page, click the name of the channel to receive packages.
- In the Basic Channel Details page, click the Packages tab and then the Add subtab. To associate packages with the channel being edited, select the option containing the packages from the dropdown menu and click .
Note
Packages already associated with the channel being edited are not displayed. Packages not assigned to a specific channel are found in themenu item. Selecting presents all available packages. - Select the checkboxes of the packages to be assigned to the edited channel and clickat the bottom-right corner of the page. A confirmation page appears with the packages listed.
- Click List/Remove subtab of the Managed Software Channel Details page then appears with the new packages listed.to associate the packages with the channel. The
1.2.4. Managing Channel Management Privileges
- Log in to the Red Hat Satellite website as an Organization Administrator.
- On the top navigation bar, click the Users tab and then click the name of the user who is performing channel management functions.
- On the User Details page, scroll down to the Roles section and select the checkbox labeled Channel Administrator. Then click at the bottom of the page. Note that Organization Administrators are automatically granted channel administration privileges.
- Have the user log in to the Red Hat Satellite website, click the Channels tab on the top navigation bar, and ensure the button appears on the corresponding left navigation bar.
1.2.5. Changing Custom Channel Permissions
- Restricting channel content to specific organizations and systems for qualifying purposes like testing different software configurations before production
- Controlled distribution of licensed or third-party packages
1.2.5.1. Modifying Custom Channel User Permissions
It is assumed that there is an existing channel that needs permission changes.
- Log in to the Satellite server as a channel or organization administrator.
- Click→ .
- Click the channel whose permissions need to be modified.
- Scroll down to the→ and
- Clickto save the changes.
- Click thesubtab and select the users that should be able to subscribe to the channel.
- Click.
1.2.5.2. Modifying Custom Organization Permissions
It is assumed that there is an existing channel that needs permission changes.
- Log in to the Satellite server as a channel or organization administrator.
- Click→ .
- Click the channel whose permissions need to be modified.
- Scroll down to the→ . Choose either of the following:
- This channel is private and cannot be accessed by any other organization.
- This channel is protected and may only be accessed by specific trusted organizations.
- This channel is public and may be accessed by any of the trusted organizations trusted by this organization.
- Click Update Channel.
- (Optional) If you chose protected channel, the Satellite server will ask to confirm the channel sharing modification that was made. Since systems maybe subscribed to the channel that will be removed because of the change in channel permissions. Choose either to:
- Click onto unsubscribe any systems previously subscribed from trusted organizations.
- Click onto keep the systems from trusted organizations subscribed.
- Clickif you wish to review the systems and trusted organizations before taking action.
1.2.6. Manage Software Channels
Warning
1.2.7. Basic Channel Details
- Details - Provides basic information about the channel, such as its parent channel, name, summary, and description. Some of this information is modifiable. In addition, a Per-User Subscription Restrictions combobox can be seen by Organization Administrators and Channel Administrators. This signifies the default behavior of every channel allowing any user to subscribe systems to it. Unchecking this box and clicking causes the appearance of a Subscribers tab, which is used to grant certain users subscription permissions to the channel.
- Organizations - Provides a list of organizations in which the channel has granted access to view and consume content in the channel. These organizations are listed because of the organizational trust your Organization has with them. Access to this channel by organizations can be modified here. Select the checkbox and click on to remove an organization's access. Note that Organization Administrators and Channel Administrators automatically have subscription access to all channels.
- Managers - Lists users who have management permissions to the custom channel. This tab appears for Organization Administrators and Channel Administrators. Select the checkboxes of the users to be allowed full administration of this channel and click . This status does not enable the user to create new channels. Note that Organization Administrators and Channel Administrators automatically have management access to all channels.
- Errata - Provides the errata associated with each of your custom channels. Just as Red Hat Network produces and delivers errata updates to Red Hat Enterprise Linux software, you deliver errata updates to your custom channels as part of updating your servers with the latest code. This tab contains subtabs that allow you to view, add, remove, and clone erratum: List/Remove, Add and Clone. Note that cloning errata can be done only via Red Hat Satellite Server.
- List/Remove - Displays all of the errata currently associated with the custom channel and provides a means to cancel that association. To remove errata from the channel, select their checkboxes and click on the bottom right-hand corner of the page. A confirmation page appears listing the errata to be removed. Click to complete the action.
- Add - Enables the addition of errata to the channel. All of the errata potentially applicable to the channel are listed. To add errata to the channel, select the appropriate checkboxes and click . See Chapter 5, Errata Management for a discussion of errata management.
- Clone - Allows Satellite customers to replicate errata and associated packages for a cloned channel. This subtab immediately appears populated for channels that were cloned with either the original state or select errata option. The Clone tab also gains errata whenever one is issued for the target (that is, originating) channel. This makes it useful for channels cloned with the current state option, as well. See Section 1.2.8, “Cloning Software Channels” for a discussion of cloning options.To include errata from the target channel in the cloned channel, select eitheror from each advisory's dropdown menu. The option exists only if the erratum has been previously cloned. Use it to associate the erratum across channels and avoid duplicate entries. Use the option to create a new entry, such as when modifying it from the previous clone.By default, cloned errata inherit the label of the original Red Hat advisory with the "RH?" prefix replaced with "CL". For example, RHSA-2003:324 becomes CLA-2003:324. Subsequent clones of the same advisory have their second letters sequenced to denote their order, such as "CM" and "CN". These labels can be altered through the Errata Management page. See Chapter 5, Errata Management for instructions.In addition to the Owned Errata column. The erratum label is linked to its details page. The pub and mod flags within parentheses identify whether the cloned erratum has been published or modified from the original advisory. A plus sign + before the flag indicates affirmative, the cloned errata has been published. A minus sign - before the flag denotes negative. For example, (-mod) may mean a package has been deleted. To find out more about publishing and editing custom errata, See Chapter 5, Errata Management.option, previously cloned errata contain values within theTo exclude errata from the cloned channel, selectfrom the dropdown menus. When satisfied with the changes, click . Review the impending changes on the confirmation page and click .
- Sync - Displays the errata packages that were not included in the initial channel cloning but have since been updated. This page is where cloned channels can be synchronized with current errata by marking the desired checkbox and clicking .
- Packages - Provides the packages associated with each of the custom channels. This tab contains the following subtabs that allow organizations to view, add, and remove packages: List/Remove, Add, and Compare.
- List/Remove - Displays all of the packages currently associated with the custom channel and provides a means to cancel that association. To remove packages from the channel, select their checkboxes and click on the bottom right-hand corner of the page. A confirmation page appears with the packages to be removed listed. Click to complete the action.
Important
The list displayed on this page differs from the standard package list available in the Software Channel Details page. It displays all versions of a package remaining in the database rather than just the latest. It is possible to revert to a previous version of a package simply by removing the latest version. - Add - Enables the addition of packages to the channel. To see available packages, select an option from the View dropdown menu and click . To add packages to the channel, select the appropriate checkboxes and click . See Section 1.2.3, “Assigning Packages to Software Channels” for more information about this process.
- Compare - Enables the comparison of package lists between different channels. To see the differences, select another channel from the Compare to: dropdown menu and click . A list appears showing all packages not contained by both channels and indicating the existing channel location of each.
- Repositories - Select to assign
yum
repositories to the channel and synchronize repository content.- Add / Remove — Lists configured repositories. Repositories can be added and removed by selecting the checkbox next to the repository name and clicking .
- Sync — Lists configured repositories. The synchronization schedule can be set using the dropdown boxes, or an immediate synchronization can be performed by clicking .
1.2.8. Cloning Software Channels
- Click the Channels tab on the top navigation bar then the Manage Software Channels on the left navigation bar. This takes you to the Software Channel Management page.
- Click clone channel at the top-right corner to begin cloning.Three cloning options are presented: current state of the channel, original state of the channel, or select errata. These options are described fully on the webpage itself but are summarized as:
- Current state of the channel - All of the errata and all of the latest packages now in the target channel.
- Original state of the channel - All of the original packages from the target channel but none of the errata or associated update packages.
- Select Errata - All of the original packages from the target channel with the ability to exclude certain errata and associated update packages.
- Select the option desired using the radio buttons within the Clone field, identify the target channel using the Clone From dropdown menu, and click .
- On the New Software Channel page, complete the fields as described in Section 1.2.2, “Creating a Software Channel”. The default values will suffice.
- Click Details tab of Managed Software Channel Details page will appear. Alter the settings for the new channel. See Section 1.2.7, “Basic Channel Details” for instructions.. If either the original or current option is selected, theIf the select errata option to clone the channel is selected, it will redirect to the Clone subtab of Managed Software Channel Details page instead. Errata and associated packages for cloning may have to be individually selected for cloning and inclusion in the new channel. See Section 1.2.7, “Basic Channel Details” for specific instructions.
Note
spacewalk-clone-by-date
.
1.2.9. Creating Custom Channels From Specific Update Levels
- A controlled environment with systems that require only minor release updates instead of the latest updates
- A test environment with a specific package set
- Systems with applications that require specific versions to function
To implement the solution below, the Satellite Server must be subscribed to the Red Hat Network Tools channel and the spacewalk-remote-utils must be installed on the Satellite Server. The package is included in the Red Hat Network Tools channel.
- Log in as root to the Satellite server.
- Create the custom channel from a specific update level on Red Hat Satellite:
# spacewalk-create-channel --user=admin --server=localhost --version=6 --update=GOLD --release=Server --arch=x86_64 --destChannel=gold-rhel6 You have not specified a source channel, we will try to determine it from inputs Trying with source channel: rhel-x86_64-server-6 Creating channel, gold-rhel6, with arch x86_64 2797 packages in source file to push. Pushing 2797 packages, please wait. Successfully pushed 2797 packages out of 2797 # spacewalk-create-channel -l admin -s localhost -d update1-rhel6 -D /usr/share/rhn/channel-data/6-u1-server-x86_64 Password: You have not specified a source channel, we will try to determine it from inputs Trying with source channel: rhel-x86_64-server-6 Creating channel, update1-rhel6, with arch x86_64 2857 packages in source file to push. Pushing 2857 packages, please wait. Successfully pushed 2857 packages out of 2857
Where:- -lUSER, --user=USER - The username to connect to the server.
- -sSERVER, --server=SERVER - The hostname or IP address of the Satellite or Spacewalk server to connect to. Defaults to localhost.
- -vVERSION, --version=VERSION - The version of the channel to create (e.g. 6, 5, 4).
- -rRELEASE, --release=RELEASE - The release of the channel to create (e.g. AS, ES, WS, Server, Client, Desktop).
- -uUPDATE_LEVEL, --update=UPDATE_LEVEL - The update level of a channel to create (e.g. GOLD, U1, U2, U3, U4, U5, U6, U7, U8, U9), where GOLD stands for the initial release.
- -aARCH, --arch=ARCH - The arch of the channel to create (e.g. i386, ia64, ppc, s390, s390x, x86_64).
- -dDEST_CHANNEL, --destChannel=DEST_CHANNEL - The label of the destination channel. This will be created if not present.
- -DDATAFILE, --data=DATAFILE - Path to a list of rpms to move to the destination channel, only used if version, release, update, and arch are not specified.(Optional)
Note
1.2.10. Removing Software Packages
Warning
- Go to the Package Management page and select an option containing the packages from the dropdown menu and click .
- Select the appropriate checkboxes and click Delete Package(s) to delete the packages entirely.. A confirmation page appears with the packages listed. Click
Note
1.2.11. Deleting Software Channels
Note
Important
- Packages from the channel will remain on the server even if the channel is removed. There is an option to delete them after.
- Any errata related to the channel may be orphaned after the channel deletion.
- The Satellite server will not delete a parent channel if a child channel exists. Delete all child channels before deleting the parent.
- Kickstart distributions must be dissociated from the channel or deleted before deleting the channel.
- If the established channel on the Proxy is connected to a Satellite, delete the channel on the Red Hat Satellite Proxy Server.
1.2.12. Uploading and Maintaining Custom Packages
Warning
1.2.12.1. Uploading Packages to Red Hat Satellite Proxy Server
spacewalk-proxy-package-manager
RPM package and its dependencies. This package is available to registered Red Hat Satellite Proxy Server systems and is installed by running yum install spacewalk-proxy-package-manager
.
Note
*.rpm
) are stored on the Red Hat Satellite Proxy Server. For this reason, custom packages cannot be downloaded through the Red Hat Satellite website, although they are listed. They must be retrieved by the client system using yum install
.
1.2.12.1.1. Configuring and Using the Red Hat Network Package Manager
scp
:
# scp foo.rpm root@rhnproxy.example.com:/tmp
Note
# rhn_package_manager -c label_of_private_channel pkg-list
-c
or --channel
), the uploaded package headers are linked to all the channels identified. If a channel is not specified, the packages are deposited in the No Channels section of the Package Management page. See Section 1.2.3, “Assigning Packages to Software Channels” for instructions on reassigning packages.
-d
option to specify the local directory that contains the packages to be added to the channel. Red Hat Network Package Manager can also read the list of packages from standard input (using --stdin
).
/etc/rhn/default/rhn_proxy_package_manager.conf
. The choices can be overridden in the default configuration file with settings in the main configuration file /etc/rhn/rhn.conf
or via command line options passed to Red Hat Network Package Manager.
.rhn_package_manager
in the home directory of the user currently logged in and finally from /etc/rhn/rhn_package_manager.conf
. Make sure all of these files have the appropriate permissions to prevent others from reading them.
# rhn_package_manager -s -c name_of_private_channel
-s
option lists all the missing packages, which are packages uploaded to the Red Hat Satellite Server but not present in the local directory. You must be an Organization Administrator to use this option. The application prompts you for your Red Hat Satellite username and password.
--copyonly
option copies the file listed in the argument into the specified channel without uploading to the Satellite. This is useful when a channel on a Red Hat Satellite Proxy Server is missing a package and you don't want to reimport all of the packages in the channel.
# rhn_package_manager -c channel-name --copyonly /path/to/missing/file
# rhn_package_manager -l -c name_of_private_channel
-l
option lists the package name, version number, release number, architecture, and channel name for each package in the specified channel(s). See Section 1.2.12.1.1, “Configuring and Using the Red Hat Network Package Manager” for additional options.
rhn_package_manager
):
Table 1.1. rhn_package_manager
options
Option | Description |
---|---|
-v, --verbose | Increase verbosity of standard output messages. |
-d, --dir DIRECTORY_NAME | Process packages from this directory. |
-c, --channel CHANNEL_NAME | Specify the channel to receive packages. Multiple channels may be specified using multiple instances of -c (e.g.: -c channel_one -c channel_two ) |
-n, --count NUMBER | Process this number of headers per call - the default is 32. |
-l, --list | List the packages in the specified channel(s). |
-s, --sync | Check if local directory is in sync with the server. |
-p, --printconf | Print the current configuration and exit. |
--newest | Push only the packages that are newer than those on the server. Note that source packages are special in that their versions are never compared to each other. Their newness is dependent on their associated binary packages. Using this option with Red Hat Network Package Manager and just a source package does upload the package, but the source package does not appear in the Red Hat Satellite Web interface until the associated binary package has been uploaded. Contrast this with --source . Using --source --newest together does update the stand-alone source package with newer packages and does not require an associated binary package to be uploaded first. |
--source | Upload the indicated source packages. Doing this treats them as plain, stand-alone packages and not as special source packages associated with another, pre-existing binary package. For example, use this when application sources need to be distributed to developers and testers outside of regular source control management. |
--stdin | Read the package names from standard input. |
--nosig | Don't fail if packages are unsigned. |
--no-ssl | Turn off SSL (not recommended). |
--stdin | Read the package names from standard input. |
--username USERNAME | Specify the Red Hat Satellite username. If the username is not provided, you will be prompted for the username of a valid Channel Administrator. |
--password PASSWORD | Specify the Red Hat Satellite password. If the password is not provided, you will be prompted for the password of a valid Channel Administrator. |
--dontcopy | In the post-upload step, do not copy the packages to their final location in the package tree. |
--copyonly | Only copy the packages, do not re-import them. |
--test | Only print a list of the packages to be pushed. |
-?, --help | Display the help screen with a list of options. |
--usage | Briefly describe the available options. |
--copyonly | Only copy packages |
Note
rhn_package_manager
manual page: man rhn_package_manager
.
1.2.12.2. Uploading Packages to Red Hat Satellite Server
rhnpush
package and its dependencies. This package is available to registered Red Hat Satellite Server systems and is installed by running yum install rhnpush
.
Note
1.2.12.2.1. Configuring the Red Hat Network Push Application
/etc/sysconfig/rhn/rhnpushrc
. This file contains values for all the options contained in Section 1.2.12.2.1, “Configuring the Red Hat Network Push Application”.
rhnpush
command is issued. Settings in the current directory (./.rhnpushrc
) take precedent over those in the user's home directory (~/.rhnpushrc
), which are used before those in the central configuration file (/etc/sysconfig/rhn/rhnpushrc
).
- The software channel to be populated
- The home directory configuration file to include the username to be invoked
- The central configuration file to identify the server to receive the packages
rhnpush
command:
Table 1.2. rhnpush
options
Option | Description |
---|---|
-v --verbose | Increase verbosity, option can be used multiple times, that is, -vv , -vvv , and so forth. |
-d, --dir DIRECTORY | Process packages from this directory. |
-c, --channel=CHANNEL_LABEL | Specify the channel to receive packages. Note that this is required and is not the same as the channel's name. Multiple channels may be specified using multiple instances of -c (e.g. -c CHANNEL_ONE -c CHANNEL_TWO ). |
-n, --count N_HEADERS_PER_CALL | Process this number of headers per call. Must be an integer. The default number is 25. |
-l, --list | List only the specified channels. |
-r, --reldirRELATIVE_DIRECTORY | Associate this relative directory with each file. |
-o, --orgidORGANIZATION_ID | Include the organization's ID number. Must be an integer. |
-u , --username USERNAME | Include the Red Hat Satellite username of the user that has administrative access to the specified channel. If not provided, rhnpush prompts for the username of a valid Channel Administrator. The username and password are cached in ~/.rhnpushcache for a limited time, five minutes being the default. Use --new-cache to force a new username and password. |
-p , --password PASSWORD | Include the Red Hat Satellite password of user that has administrative access to the specified channel. If not provided, rhnpush prompts for the password of a valid Channel Administrator. The username and password are cached in ~/.rhnpushcache for a limited time, five minutes being the default. Use --new-cache to force a new username and password. |
-s, --stdin | Read package list from standard input, for example from a piped ls command. |
-X, --exclude GLOB | Exclude packages that match this glob expression. |
--force | Force upload of a package, even if a package of that name and version currently exists in the channel. Without this option, uploading a pre-existing package returns an error. |
--nosig | Don't fail if packages are unsigned. |
--new-cache | Forces Red Hat Network Push to drop the username and password cache, then accept or ask for new ones. This is useful if mistakes are entered the first time. |
--newest | Push only the packages that are newer than those on the server. Note that source packages are special in that their versions are never compared to each other. Their newness is dependent on their associated binary packages. Using this option with Red Hat Network Push and just a source package does upload the package, but the source package does not appear in the Red Hat Satellite Web interface until the associated binary package has been uploaded. Contrast this with --source . Using --source --newest together does update the stand-alone source package with newer packages and does not require an associated binary package to be uploaded first. |
--header | Upload only the headers. |
--source | Upload the indicated source packages. Doing this treats them as plain, stand-alone packages and not as special source packages associated with another, pre-existing binary package. For example, use this when you want to distribute application source to developers and testers outside of regular source control management. |
--server SERVER | Specify the server to which packages are uploaded. Currently, a value of http://localhost/APP is necessary. This parameter is required. |
--test | This only prints a list of the packages to be pushed, it doesn't actually push them. |
-h, --help | Briefly describe the options. |
-?, --usage | View the usage summary. |
Note
rhnpush
manual page: man rhnpush
.
1.2.12.2.2. Using the Red Hat Network Push application
Note
# rhnpush -c label_of_private_channel pkg-list
# rhnpush -c label_of_private_channel --server=localhost pkg-list
-c
or --channel
), the uploaded package headers are linked to all the channels identified. If there is no channel specified, the packages are deposited in the No Channels section of the Package Management page. See Section 1.2.3, “Assigning Packages to Software Channels” for instructions on reassigning packages.
--server
option specifies the server to which the packages are installed, and is required. Red Hat Network Push can be installed on external systems, but running Red Hat Network Push locally on the Red Hat Satellite Server is recommended.
pkg-list
reference represents the list of packages to be uploaded. Alternatively, use the -d
option to specify the local directory that contains the packages to be added to the channel. Red Hat Network Push can also read the list of packages from standard input (using --stdin
).