How to setup a self-subscribed Red Hat Satellite 5 server?

Solution Verified - Updated -

Environment

  • Red Hat Satellite 5

Issue

  • How to setup a self subscribed Red Hat Satellite 5 server?
  • How to register Satellite server to self for getting updates locally ?
  • What is the best practice / guideline to register the Satellite server as a client of itself?
  • How to connect Satellite Server to itself ? How to connect the satellite server to itself (instead of RHN Classic Hosted) in order to be able to push the configuration files to it ?

Resolution

README: Please refer to Red Hat Satellite 5.7 User Guide "Setting Up a Self-Subscribed Red Hat Satellite" for official documentation. The following content is no longer maintained and my contain information which is out-of-date for current release of Satellite 5.x.

Background:

  • A self-subscribed Red Hat Satellite 5 server is registered to itself rather than the central Red Hat Network (RHN) Classic Hosted servers.

  • Typically, a Satellite 5 server registers to RHN Classic Hosted's central servers and is then activated as a Satellite. The Satellite may then issue the satellite-sync command to pull down new packages and other content from RHN Classsic Hosted onto the Satellite. Registration with RHN Classsic Hosted also allows the Satellite to get updates via up2date or yum for the Red Hat Enterprise Linux and Red Hat Satellite packages that have been installed on it.

The process to set up a self-subscribing Satellite also allows these capabilities. The Satellite still registers with RHN Classsic Hosted, and satellite-sync can still pull down new content. The up2date or yum command, however, no longer communicates to RHN Classsic Hosted -- it instead pulls content from a base channel hosted on the Satellite server itself.

Limitations :

  • You cannot use this as a means to monitor your Satellite. Installation of the client-side rhnmd package will break the Monitoring feature of the Satellite. RHN Classsic Hosted provides custom Satellite Monitoring probes that can be configured to monitor a self-subscribed Satellite.

  • A self-subscribed Satellite treats the self-registration as it does any other client system registration. To prevent accidental changes to your self-subscribed Satellite, Red Hat recommends that Administrators lock the self-subscribed Satellite's system profile ("Lock system" from the system profile).

  • You cannot use osad on your Satellite. Installation of the client-side osad package will break the Provisioning feature of the Satellite.

Notes:

  • Although the configuration is untested, disconnected Satellite customers may choose to self-subscribe their Satellites.

  • This process allows customers to control the Red Hat Enterprise Linux packages on their Satellite in the same manner as clients registered to the Satellite.

  • This Solution is about Red Hat Satellite 5, for Satellite 6, please see Satellite 6 Installation Guide, section "5.1. Registering a Satellite to Itself".

Steps needed to install and configure a self-subscribed Satellite

  1. Install Red Hat Enterprise Linux per Satellite Installation Guide.

  2. Install Red Hat Satellite 5, following the instructions within the Installation Guide. Allow the Satellite installer to register and activate the Satellite subscription to Red Hat Network (RHN) Classic Hosted.

  3. Via the satellite-sync command, download and import the Base Channel that matches the version of Red Hat Enterprise Linux installed on the Satellite in "Step 1". Satellite-sync can import the necessary files from either RHN Classic Hosted's central servers or the Base Channel content ISO's available for download on RHN.

  4. Via the Satellite web interface, create a cloned channel from the imported Red Hat base channel.

  5. Rename the systemid file that allows communication with RHN:

    # mv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid.sat
    
  6. Install the client side Satellite SSL Certificate package onto the Satellite.

    # rpm -Uvh /var/www/html/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm 
    
  7. Reconfigure up2date to use the Satellite hostname and SSL certificate. Edit the /etc/sysconfig/rhn/up2date file and change the following options from:

     sslCACert=/usr/share/rhn/RHNS-CA-CERT
     noSSLServerURL=http://xmlrpc.rhn.redhat.com/XMLRPC
     serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC 
    

    to:

     sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
     noSSLServerURL=http://<satellite-server-hostname>/XMLRPC
     serverURL=https://<satellite-server-hostname>/XMLRPC 
    

    Notes:

    • It is probable that HTTP proxy information that allows your Satellite to access the RHN central servers must be removed from up2date's configuration settings. This permits the up2date client to communicate with the Satellite.

    • Depending on your network settings, it may be necessary to use the main IP address associated with your default network card, rather than the hostname, or localhost (127.0.0.1) to communicate with your Satellite.

  8. Register the Satellite server with the up2date --register or  rhnreg_ks --username <satellite username> --password <satellite password> command.

  9. After registration, rename the current systemid file and rename the systemid.sat file back to systemid.

    # mv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid.up2date
    # mv /etc/sysconfig/rhn/systemid.sat /etc/sysconfig/rhn/systemid
    
  10. Reconfigure the systemIdPath option of up2date to the path of the systemid.up2date file. Change the option from:

systemIdPath=/etc/sysconfig/rhn/systemid

          to:

systemIdPath=/etc/sysconfig/rhn/systemid.up2date

11. Log in to the Satellite's web interface and go to its System Details page. Click on the Channels sub-tab, select the cloned base channel from the drop-down menu, then click the Modify Base Channel button.

The Satellite Server is now self-subscribed.

Test to confirm Satellite is still working

Test the following items to be sure they still work:

  1. test satellite-sync

  2. test up2date or yum

  • Running the satellite-sync command should return information indicating that the Satellite connects to satellite.rhn.redhat.com. The output should resemble the following:

     # satellite-sync -l
     16:50:22 Red Hat Network Satellite - live synchronization
     16:50:22    url: https://satellite.rhn.redhat.com
     16:50:22    debug/output level: 1
     ... 
    

  • Running the up2date -l or yum check-update command should display information indicating that packages are downloaded from the Satellite rather than RHN.

  • Client Side Applications

    Warning: Do not force the installation of the rhnmd client-side monitoring package onto your self-subscribed Satellite. This breaks Monitoring.

    Notes:

    • If a client-side application is not listed here, assume that it has not been tested.

    • Red Hat highly recommends that Administrators lock the registered Self Subscribing Satellite within the Satellite's web interface. This prevents any scheduled event from executing. Before unlocking the Satellite, review the pending events and delete those you do not want to run.

    • Red Hat recommends Administrators entitle the Self Subscribing Satellite to the Management level, but with no Provisioning or Monitoring entitlements. This helps to avoid possible harmful or accidental changes to your Satellite server.

    • If you choose to grant your self-subscribed Satellite a Provisioning entitlement, do not attempt to use the Satellite to re-provision itself. The Satellite attempts to perform the re-installation of the Red Hat Enterprise Linux operating system, but on reboot, the Red Hat installation program is unable to download the necessary packages from the Satellite to perform the installation. There is a high risk of data loss and service interruption for your Satellite, especially if external kickstart trees are used.

    Red Hat provides various client-side tools for interaction with various aspects of a Red Hat Satellite system. The list below outlines whether or not a client-side application functions on a Self Subscribed Satellite 5 server:

    • up2date - up2date, rhn_check, rhnsd, yum: All function normally.

    • RHN Push - osad: Will not install. The osad package, which is used to push packages to client systems, conflicts with the server-side osa-dispatcher package. Do not attempt to force the installation of osad on a Satellite.

    • RHN Applet - rhn-applet-tui, rhn-applet-gui: Both function normally. Installation and configuration of the rhn-applet-tui and rhn-applet-gui packages, which allow client systems to communicate with Satellite, complete normally. The rhn-applet-tui command passed RHN testing. Note: rhn-applet-gui requires packages that are not installed by default.

    • RHN Configuration Client Tool - rhncfg-client: Functions normally after a change to the configuration file. Edit the /etc/sysconfig/rhn/rhncfg-client.conf file and change the systemIdPath option to match the path to systemid.up2date created in step 9 above.

    • RHN Configuration Management Tool - rhncfg-manager: Functions normally.

    • RHN Custom Info - rhn-custom-info: Functions normally.

    • Client Monitoring - rhnmd: Will not install. The rhnmd package conflicts with the server-side monitoring packages. Do not attempt to force the installation of rhnmd, as this breaks Monitoring on the Satellite.

    This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.