Red Hat Training

A Red Hat training course is available for Red Hat Satellite

章 6. 手​​​動​​​式​​​編​​​寫​​​配​​​置​​​

請​​​注​​​意​​​,本​​​章​​​節​​​提​​​供​​​了​​​另​​​一​​​個​​​使​​​用​​​ RHN Bootstrap 來​​​產​​​生​​​ bootstrap script 的​​​方​​​式​​​。​​​透​​​過​​​這​​​些​​​指​​​南​​​,您​​​應​​​該​​​能​​​夠​​​從​​​頭​​​建​​​立​​​您​​​自​​​己​​​的​​​ bootstrap script。​​​
所​​​有​​​初​​​始​​​的​​​技​​​巧​​​皆​​​持​​​有​​​一​​​個​​​共​​​同​​​點​​​:位​​​於​​​中​​​央​​​位​​​置​​​的​​​必​​​要​​​檔​​​案​​​之​​​建​​​置​​​,會​​​透​​​過​​​在​​​各​​​個​​​客​​​戶​​​端​​​上​​​,藉​​​由​​​執​​​行​​​簡​​​易​​​、​​​可​​​編​​​寫​​​的​​​指​​​令​​​來​​​進​​​行​​​檢​​​索​​​與​​​安​​​裝​​​。​​​在​​​本​​​章​​​節​​​中​​​,我​​​們​​​即​​​將​​​探​​​索​​​如​​​何​​​將​​​所​​​有​​​這​​​些​​​點​​​點​​​滴​​​滴​​​結​​​合​​​在​​​一​​​起​​​,以​​​建​​​立​​​一​​​個​​​可​​​讓​​​您​​​組​​​織​​​中​​​的​​​任​​​何​​​系​​​統​​​所​​​引​​​動​​​的​​​單​​​獨​​​ script。​​​
當​​​我​​​們​​​藉​​​由​​​最​​​適​​​當​​​的​​​順​​​序​​​,來​​​將​​​先​​​前​​​章​​​節​​​中​​​的​​​這​​​些​​​指​​​令​​​結​​​合​​​在​​​一​​​起​​​時​​​,我​​​們​​​會​​​得​​​到​​​下​​​列​​​ script。​​​請​​​記​​​住​​​,rhn_register 並​​​不​​​存​​​在​​​ Red Hat Enterprise Linux 3 或​​​ 4 這​​​兩​​​個​​​版​​​本​​​上​​​: 
# First, install the latest client RPMs to the system.
rpm -Uvh \
	http://proxy-or-sat.example.com.com/pub/rhn_register-2.8.27-1.7.3.i386.rpm \
	http://proxy-or-sat.example.com.com/pub/rhn_register-gnome-2.8.27-1.7.3.i386.rpm \
	http://proxy-or-sat.example.com.com/pub/up2date-3.0.7-1.i386.rpm \
	http://proxy-or-sat.example.com.com/pub/up2date-gnome-3.0.7-1.i386.rpm

# Second, reconfigure the clients to talk to the correct server.

perl -p -i -e 's/s/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
	/etc/sysconfig/rhn/rhn_register \
	/etc/sysconfig/rhn/up2date


# Third, install the SSL client certificate for your company's 
# RHN Satellite Server or RHN Proxy Server.
rpm -Uvh http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-*.noarch.rpm

# Fourth, reconfigure the clients to use the new SSL certificate.
perl -p -i -e 's/^sslCA/#sslCA/g;' \
	/etc/sysconfig/rhn/up2date /etc/sysconfig/rhn/rhn_register
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
	>> /etc/sysconfig/rhn/up2date
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
	>> /etc/sysconfig/rhn/rhn_register


# Fifth, download the GPG key needed to validate custom packages.
wget -O - -q http://proxy-or-sat.example.com.com/pub/YOUR-RPM-GPG-KEY


# Sixth, import that GPG key to your GPG keyring.
rpm --import /path/to/YOUR-RPM-GPG-KEY
請​​​記​​​得​​​第​​​六​​​步​​​驟​​​記​​​載​​​在​​​此​​​,因​​​為​​​它​​​與​​​執​​​行​​​ Red Hat Linux 3 或​​​更​​​新​​​版​​​本​​​的​​​系​​​統​​​相​​​關​​​。​​​
這​​​個​​​ script 構​​​成​​​了​​​一​​​個​​​乾​​​淨​​​並​​​可​​​重​​​複​​​的​​​程​​​序​​​,它​​​能​​​完​​​整​​​地​​​配​​​置​​​任​​​何​​​潛​​​在​​​的​​​ Red Hat Network 客​​​戶​​​端​​​,以​​​便​​​為​​​註​​​冊​​​至​​​一​​​個​​​ RHN Proxy Server 或​​​ RHN Satellite Server 作​​​準​​​備​​​。​​​請​​​記​​​住​​​,關​​​鍵​​​值​​​(例​​​如​​​您​​​ RHN 伺​​​服​​​器​​​的​​​網​​​址​​​、​​​它​​​的​​​公​​​用​​​目​​​錄​​​以​​​及​​​您​​​的​​​真​​​實​​​ GPG 金​​​鑰​​​)必​​​須​​​被​​​插​​​入​​​列​​​在​​​ script 中​​​的​​​佔​​​位​​​符​​​之​​​中​​​。​​​還​​​有​​​,隨​​​著​​​您​​​環​​​境​​​的​​​不​​​同​​​,您​​​可​​​能​​​需​​​要​​​進​​​行​​​額​​​外​​​的​​​修​​​改​​​。​​​雖​​​然​​​此​​​ script 可​​​能​​​就​​​算​​​逐​​​字​​​地​​​使​​​用​​​也​​​能​​​運​​​作​​​,不​​​過​​​您​​​應​​​將​​​它​​​視​​​為​​​參​​​考​​​指​​​南​​​。​​​
就​​​和​​​它​​​的​​​元​​​件​​​一​​​樣​​​,這​​​個​​​ script 能​​​被​​​至​​​於​​​中​​​央​​​。​​​透​​​過​​​將​​​此​​​ script 放​​​置​​​在​​​伺​​​服​​​器​​​的​​​ /pub/ 目​​​錄​​​中​​​、​​​對​​​它​​​執​​​行​​​ wget -O-,然​​​後​​​將​​​輸​​​出​​​以​​​管​​​線​​​傳​​​輸​​​至​​​ shell session。​​​您​​​能​​​夠​​​藉​​​由​​​各​​​個​​​客​​​戶​​​端​​​,以​​​一​​​項​​​單​​​獨​​​的​​​指​​​令​​​執​​​行​​​所​​​有​​​的​​​ bootstrap 程​​​序​​​。​​​ 
wget -O - http://proxy-or-sat.example.com.com/pub/bootstrap_script | bash

警告

透​​​過​​​網​​​站​​​連​​​結​​​來​​​直​​​接​​​由​​​管​​​線​​​所​​​傳​​​輸​​​進​​​來​​​的​​​輸​​​入​​​執​​​行​​​ shell script,明​​​顯​​​上​​​含​​​有​​​一​​​些​​​固​​​有​​​的​​​危​​​險​​​性​​​。​​​因​​​此​​​,請​​​務​​​必​​​確​​​認​​​在​​​此​​​情​​​況​​​下​​​的​​​來​​​源​​​伺​​​服​​​器​​​安​​​全​​​性​​​。​​​
之​​​後​​​,這​​​項​​​單​​​行​​​的​​​指​​​令​​​便​​​能​​​在​​​一​​​個​​​網​​​路​​​上​​​的​​​所​​​有​​​系​​​統​​​上​​​引​​​動​​​。​​​在​​​此​​​情​​​況​​​下​​​,若​​​系​​​統​​​管​​​理​​​員​​​持​​​有​​​所​​​有​​​這​​​些​​​系​​​統​​​的​​​ SSH 存​​​取​​​權​​​限​​​,他​​​便​​​能​​​輕​​​易​​​重​​​複​​​性​​​地​​​透​​​過​​​遠​​​端​​​的​​​方​​​式​​​來​​​在​​​這​​​些​​​系​​​統​​​上​​​執​​​行​​​指​​​令​​​。​​​這​​​個​​​ script 也​​​能​​​夠​​​被​​​當​​​作​​​是​​​既​​​有​​​ kickstart script 的​​​ %post 部​​​份​​​的​​​完​​​美​​​附​​​加​​​功​​​能​​​。​​​