Chapter 6. Manually Scripting the Configuration

This chapter describes a way to obtain a bootstrap script without using RHN Bootstrap. Based on the material in this chapter, you can build your own bootstrap script.
All of the methods have one thing in common: the required files are deployed in a central location, and each client system can easily retrieve and install them by running a script. In this chapter, we put all of these pieces together to produce a single script. This script can be run on any system in your organization.
When we combine the commands introduced in the preceding chapters in a sensible order, we get the following script. Remember that Red Hat Enterprise Linux 3 or 4 does not include rhn_register:
# First, install the latest client RPMs to the system.
rpm -Uvh \
	http://proxy-or-sat.example.com/pub/rhn_register-2.8.27-1.7.3.i386.rpm \
	http://proxy-or-sat.example.com/pub/rhn_register-gnome-2.8.27-1.7.3.i386.rpm \
	http://proxy-or-sat.example.com/pub/up2date-3.0.7-1.i386.rpm \
	http://proxy-or-sat.example.com/pub/up2date-gnome-3.0.7-1.i386.rpm

# Second, reconfigure the clients to talk to the correct server.
perl -p -i -e 's/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
	/etc/sysconfig/rhn/rhn_register \
	/etc/sysconfig/rhn/up2date

# Third, install the SSL client certificate for your company's
# RHN Satellite Server or RHN Proxy Server.
# Replace the * with the package's actual version and release:
# wildcards are not expanded in HTTP URLs.
rpm -Uvh http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-*.noarch.rpm

# Fourth, reconfigure the clients to use the new SSL certificate.
perl -p -i -e 's/^sslCA/#sslCA/g;' \
	/etc/sysconfig/rhn/up2date /etc/sysconfig/rhn/rhn_register
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
	>> /etc/sysconfig/rhn/up2date
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
	>> /etc/sysconfig/rhn/rhn_register

# Fifth, download the GPG key needed to validate custom packages.
# Save it to the file that the sixth step imports.
wget -q -O /path/to/YOUR-RPM-GPG-KEY \
	http://proxy-or-sat.example.com/pub/YOUR-RPM-GPG-KEY

# Sixth, import that GPG key to your GPG keyring.
rpm --import /path/to/YOUR-RPM-GPG-KEY
Remember that the sixth step described here is valid only for systems running Red Hat Linux 3 or later.
This script comprises a clean, repeatable process that can configure any potential Red Hat Network client system in preparation for registration with an RHN Proxy Server or RHN Satellite Server. Remember that key values, such as the URL of your RHN server, its public directory, and your actual GPG key, must be inserted into the appropriate places in this script. In addition, depending on your environment, further information may be required. Although this script may work without modification, it should be used only as a reference.
Like its components, this script can be placed in a central location. By placing the script in the server's /pub/ directory, running wget -O- on it, and piping the output to a shell, you can run the entire bootstrap process with a single command on each client:
wget -O - http://proxy-or-sat.example.com/pub/bootstrap_script | bash

Warning

Running a shell script piped directly from a web connection obviously carries many security risks. In this situation it is therefore very important to ensure the security of the source server.
This one-line command can be invoked on every system in the network. If the system administrator has SSH access to all of the systems, he or she can repeat this simple task across them and run the command remotely on each one. This script would also be a good addition to the %post section of an existing kickstart script.
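
The risk named in the warning can be reduced by downloading the script to a file, checking it against a known digest, and only then executing it. The following is an added example, not part of the original Red Hat chapter; the function names, the use of sha256sum, and the separate delivery of the expected digest (for example, embedded in the kickstart %post section) are assumptions.

```shell
#!/bin/bash
# Added example (not from the original chapter): download, verify, then run,
# in place of "wget -O - ... | bash".
# Assumptions: sha256sum is installed on the client, and the expected digest
# reaches the client separately from the script (for example, embedded in the
# kickstart %post section).

# Succeed only if FILE's SHA-256 digest equals EXPECTED (hex, any case).
verify_digest() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ -n "$actual" ] || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Execute FILE with bash only after its digest has been verified.
run_if_verified() {
    local file="$1" expected="$2"
    if ! verify_digest "$file" "$expected"; then
        echo "refusing to run $file: digest check failed" >&2
        return 1
    fi
    bash "$file"
}

# Fetch URL into a private temporary file, then verify and run it.
# Nothing is executed if the download fails or the digest differs.
bootstrap_verified() {
    local url="$1" expected="$2" tmp rc
    tmp=$(mktemp) || return 2
    if wget -q -O "$tmp" "$url"; then
        run_if_verified "$tmp" "$expected"
        rc=$?
    else
        echo "download failed: $url" >&2
        rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage on a client (PINNED_SHA256 is a hypothetical variable holding the digest):
# bootstrap_verified http://proxy-or-sat.example.com/pub/bootstrap_script "$PINNED_SHA256"
```

Because the digest is checked on the downloaded file before bash reads any of it, a script altered on the server or in transit is rejected instead of being partially executed.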