-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat Satellite
5.4.3. Configuring Servers for Enhanced Entitlements Reporting
The Satellite 5 server requires some configuration to allow successful communication with Subscription Asset Manager. The following procedure provides the necessary steps for configuration.
Procedure 5.2. To Configure Servers for Enhanced Entitlements Reporting
- Access the terminal on your SAM server using
root
permissions. - Generate an SSH key pair on the SAM server:
[root@sam13] # su - splice -s /bin/sh -c 'ssh-keygen -t rsa -f /var/lib/splice/id_rsa-sat -N ""'
Make a note of the content of the public key file:[root@sam13] # cat /var/lib/splice/id_rsa-sat.pub
- Access the terminal on your Satellite 5 server using
root
permissions. - Create a new
swreport
user on the Satellite 5 machine and provide the user with a.ssh
directory.[root@sat56] # useradd swreport [root@sat56] # mkdir /home/swreport/.ssh
- Append the
/home/swreport/.ssh/authorized_keys
file with the contents of the/var/lib/splice/id_rsa-sat.pub
file on your chosen Subscription Management Application. - Prepend the SAM public key content in
/home/swreport/.ssh/authorized_keys
with the following:command="/usr/bin/spacewalk-report $SSH_ORIGINAL_COMMAND"
This ensures theswreport
user only uses thespacewalk-report
command. - Set permissions and the SELinux content on the
.ssh
directory andauthorized_keys
file for theswreport
user.[root@sat56] # chown -R swreport:swreport /home/swreport/.ssh [root@sat56] # chmod 700 /home/swreport/.ssh [root@sat56] # chmod 600 /home/swreport/.ssh/authorized_keys [root@sat56] # restorecon -R /home/swreport/.ssh
- The
swreport
user requires permissions to read rhn.conf and connect to the database. Add this user to theapache
group.[root@sat56] # gpasswd -a swreport apache
- Test your connection. Switch to the Subscription Asset Manager server and run the following command:
[root@sam13] # su - splice -s /bin/bash [splice@sam13] # ssh -i /var/lib/splice/id_rsa-sat swreport@sat56-hostname splice-export
Substitute sat56-hostname for the hostname of the Subscription Asset Manager server.Important
This command is required to accept the Satelite 5 server's fingerprint. - Edit the
/etc/splice/checkin.conf
on the Subscription Asset Manager server.[root@sam13] # vi /etc/splice/checkin.conf
- Edit the following sections:
[spacewalk] host=hostname ssh_key_path=/var/lib/splice/id_rsa-sat login=swreport [katello] hostname=localhost port=443 proto=https api_url=/sam admin_user=admin admin_pass=password
Substitute hostname for the hostname of the Satellite 5 server and password for your SAM administration password. Enter the location of the SAM SSH key for thessh_key_path
parameter. Save your changes. - Run
spacewalk-splice-checkin
tool as thesplice
user to generate organizations from the Satellite 5 server.[root@sam13] # su - splice -s /bin/bash [splice@sam13] $ spacewalk-splice-checkin
The
spacewalk-splice-checkin
tool also runs as a cronjob on the Subscription Asset Manager server. It reads system and channel data from the Satellite 5 server's spacewalk-report
tool and pushes the data into the SAM database. Subscription Asset Manager then provides reports to display entitlement consumption for the current state of the systems in Satellite 5 along with historical data.
Before viewing this data, the SAM server requires a subscription manifest that corresponds to the entitlements on your Satellite 5 server.