Red Hat NETWORK SATELLITE SERVER 4.0, Installation Manual

Page 1: ...RHN Satellite Server 4 0 Installation Guide ...

Page 2: ...ilable at http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Red Hat and the Red Hat Shadow Man logo...

Page 3: ... 4 Installation 21 4 1 Base Install 21 4 2 RHN Satellite Server Installation Program 21 4 3 Sendmail Configuration 37 4 4 MySQL Installation 38 5 Entitlements 39 5 1 Receiving the Certificate 39 5 2 Uploading the RHN Entitlement Certificate 40 5 3 Managing the RHN Certificate with RHN Satellite Activate 40 5 3 1 Command Line Entitlement Options 41 5 3 2 Activating the Satellite 41 6 Importing and ...

Page 4: ...B Control 59 8 4 1 DB Control Options 59 8 4 2 Backing up the Database 60 8 4 3 Verifying the Backup 61 8 4 4 Restoring the Database 61 8 5 Cloning the Satellite with Embedded DB 62 8 6 Establishing Redundant Satellites with Stand Alone DB 62 8 7 Conducting Satellite Specific Tasks 64 8 7 1 Using the Tools menu 64 8 7 2 Deleting Users 66 8 8 Automating Synchronization 67 8 9 Implementing PAM Authe...

Page 5: ...tem level support and management of Red Hat systems and networks of systems Red Hat Network brings together the tools services and information repositories needed to maximize the reliability security and per formance of their systems To use RHN system administrators register the software and hardware profiles known as System Profiles of their client systems with Red Hat Network When a client syste...

Page 6: ...ntrol clients System Profiles are stored on the local RHN Satellite Server not on the central Red Hat Network Servers Customized updates create a truly automated package delivery system for custom software packages required by client systems as well as Red Hat packages Custom channels allow fine grained control of the delivery of custom packages Access control system administrators can be restrict...

Page 7: ...eback A traceback is a detailed description of what went wrong that is useful for troubleshooting the RHN Satellite Server Tracebacks are automatically generated when a critical error occurs and are mailed to the individual s designated in the RHN Satellite Server s configuration file For more detailed explanations of these terms and others refer to the Red Hat Network Reference Guide 1 4 How it W...

Page 8: ...n updated package profile to the database on the RHN Satellite Server those packages are removed from the list of outdated packages for the client The organization can configure the website for the RHN Satellite Server to be accessible from the local area network only or from both the local area network and the Internet The Satellite s version of the RHN website allows full control over client sys...

Page 9: ...e basic installation they are covered in detail in other guides as well as this RHN Satellite Server Installation Guide For a full list of the necessary technical documents refer to Chapter 2 Requirements For this reason this section seeks to provide a definitive list of all required and recom mended steps from evaluation through custom package deployment They should take place in roughly this ord...

Page 10: ...on Administrator account 9 Use the RHN Satellite Synchronization Tool to import the channels and associated packages into the Satellite 10 Register a representative machine for each distribution type or channel Red Hat Enterprise Linux AS 2 1 3 4 to the Satellite 11 Copy using SCP the rhn_register and up2date configuration files from the etc sysconfig rhn directory of each machine individually to ...

Page 11: ...packages Once the custom RPMs are developed you can import them into the Satellite using RHN Push and add custom channels in which to store them through the Satellite s website Refer to the RHN Channel Management Guide for details ...

Page 12: ...8 Chapter 1 Introduction ...

Page 13: ...ed Hat representative if synchronization is not possible such as in a disconnected environment Each version of Red Hat Enterprise Linux AS requires additional packages to support RHN Satellite Server The following sections identify Red Hat s recommended methods for obtaining the desired package set for each version of Red Hat Enterprise Linux AS Installing packages other than those specified can l...

Page 14: ...ges with the following command up2date newt perl perl DateManip perl libxml enno perl Parse Yapp perl Time HiRes PyXML ntp Once updated delete the Red Hat Enterprise Linux AS 4 system profile from RHN as it will be reregistered during Satellite installation When kickstarting Red Hat Enterprise Linux AS 4 specify the following packages and groups Base Compatibility Arch Support Development Tools Le...

Page 15: ...erl libxml enno perl Parse Yapp perl XML Encoding ntp Once updated delete the Red Hat Enterprise Linux AS 3 Update 5 system profile from RHN as it will be reregistered during Satellite installation When kickstarting Red Hat Enterprise Linux AS 3 Update 5 specify the following pack ages and groups Base Server Development Tools Legacy Software Development perl CGI perl Time HiRes ntp 2 2 Hardware Re...

Page 16: ...tion local storage only Strongly recommended a SCSI drive connected to a level 5 RAID Separate partition or better a separate set of physical disks for storing backups This can be any directory specifiable at backup time Table 2 1 Stand Alone Database and Embedded Database Satellite Hardware Re quirements The following hardware configuration is required for the Stand Alone Database Two processors ...

Page 17: ... tablespace is recommended as more than sufficient for most installations It is possible for many customers to function with a smaller tablespace An experienced Ora cle database administrator DBA will be necessary to assess sizing issues The following formula should be used to determine the required size of your database 192 KB per client system 64 MB per channel For instance an RHN Satellite Serv...

Page 18: ...E VIEW CREATE PROCEDURE CREATE TRIGGER CREATE TYPE CREATE SESSION Additional database requirements include Security Identifier SID Listener Port Username Uniform Extent Size Auto Segment Space Management UTF 8 character set The disk layout on the database machine is independent of the RHN Satellite Server and entirely up to the customer 2 4 Additional Requirements The following additional requirem...

Page 19: ...r in the customer environment An Entitlement Certificate The customer will receive via email from the sales representative a signed Entitlement Certificate explaining the services provided by Red Hat through RHN Satellite Server This certificate will be required during the installation process A Red Hat Network Account Customers who connect to the central Red Hat Network Servers to receive increme...

Page 20: ...ld be enabled If the Satellite serves Monitoring entitled systems and you wish to acknowledge via email the alert notifications you receive you must configure sendmail to properly handle incoming mail as described in Section 4 3 Sendmail Configuration Finally you should have the following technical documents in hand for use in roughly this order 1 The RHN Satellite Server Installation Guide This g...

Page 21: ...rver The number of RHN Satellite Servers being used in the customer environment The number of RHN Proxy Servers being used in the customer environment The rest of this chapter describes possible configurations and explains their benefits 3 1 Single Satellite Topology The simplest configuration is to use a single RHN Satellite Server to serve your entire network This configuration is adequate to se...

Page 22: ...izontally Tiered Topology For very large networks a more distributed method may be needed such as having multiple RHN Satellite Servers in a horizontally tiered configuration and balancing the load of client requests Additional maintenance is the biggest disadvantage of this horizontal structure ...

Page 23: ...kages created locally In essence the Proxies act as clients of the Satellite This vertically tiered configuration requires that channels and RPMs be created only on the RHN Satellite Server In this manner the Proxies inherit and then serve packages from a central location For details refer to the RHN Channel Management Guide Similarly you should make the Proxies SSL certificates clients of the Sat...

Page 24: ...20 Chapter 3 Example Topologies Figure 3 3 Satellite Proxy Vertically Tiered Topology ...

Page 25: ... opt partition while the database itself is built in rhnsat Refer to Section 2 2 Hardware Requirements for precise specifications Install all packages required by RHN Satellite Server Refer to Section 2 1 Software Requirements for packages and package groups needed for each version of Red Hat Enterprise Linux AS Enable Network Time Protocol NTP on the Satellite and separate database if it exists a...

Page 26: ...irectory The installation program will ask you for its contents or location Also make sure your account has been granted the necessary entitlements to conduct the installation For instance a new Satellite will require both a Management or Provisioning entitlement for Red Hat Enterprise Linux AS and an RHN Satellite Server entitlement Warning Users should note that the RHN Satellite Server Installa...

Page 27: ...tall the RHN Satellite Server packages GPG keys database and default configuration It will then restart key services such as httpd 7 After the system is back up open a Web browser and go to the fully qualified domain name FQDN of the RHN Satellite Server The Administrator Email Address page appears ...

Page 28: ...ry Keep in mind this address receives all mail generated by the Satellite including potentially large quantities of error related tracebacks To stem this flow consider establishing mail filters that capture messages with a subject of RHN TRACEBACK from hostname Click Continue The Database Config uration page appears for RHN Satellite Server with Stand Alone Database while the Database Schema page ...

Page 29: ...Satellite with Stand Alone Database to connect to its database For Satellite with Embedded Database installation skip to the Database Schema page description For Satellite with Stand Alone Database consult your database administrator for the appropri ate values When finished click Test DB Connection The Database Schema page appears ...

Page 30: ...Schema 10 No input is required on the Database Schema page other than your consent Click Continue to populate the database This too can take a while The Database Popu lation page appears to help you track the progress Figure 4 5 Database Population ...

Page 31: ... s hostname and the location or mount point of the package repository Typically the defaults will do If you intend to monitor systems with this Satellite select both the Enable monitoring backend and Enable monitoring scout checkboxes In addition this page allows you to configure the Satellite to use an HTTP proxy To do this complete all associated fields Note that references to protocol such as h...

Page 32: ...ge captures email routing information used in monitoring This is required only if you intend to receive alert notifications from probes If you do provide the mail server exchanger and domain to be used Note that sendmail must be configured to handle email redirects of notifications Refer to Section 4 3 Sendmail Configuration for instructions When finished click Continue The RHN Registration page a...

Page 33: ...th the account in formation provided by your sales representative or established previously by you This account must be entitled for RHN Satellite Server To skip this step such as for Satellites that will operate in disconnected mode click either the continue link or button If you do not register the Satellite the RHN Satel lite Synchronization Tool cannot be used to populate software channels Con...

Page 34: ... navigate to the file and select it To input its contents open your certificate in a text editor copy all lines and paste them directly into the large text field at the bottom Red Hat recommends using the file locator as it is less error prone Click Validate Certificate to continue If you receive errors related to DNS ensure your Satellite is configured correctly Refer to Section 7 3 Host Not Foun...

Page 35: ...annel metadata This is possible during installation only if you chose to register your Satellite with RHN To synchronize select the Perform Satellite Sync checkbox and click Continue After the installation you will still need to pop ulate the channels with packages Refer to Chapter 6 Importing and Synchronizing for instructions The SSL Certificate page appears next ...

Page 36: ...he Satellite and its client machines In addition you may manage your SSL infrastructure using the RHN SSL Maintenance Tool Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for instructions Create an SSL Certificate Authority CA password and complete the rest of the fields with your and your organization s information As always ensure this informa ...

Page 37: ...te The public certificate will be placed in the var www html pub directory on the Satellite where it can be downloaded from and installed on all client systems Once finished click Generate Cert The Bootstrap Script page appears next Figure 4 12 Bootstrap Script 18 The Bootstrap Script page allows you to create a script for redirecting client sys tems from the central RHN Servers to the Satellite T...

Page 38: ...tance and remote configuration management of the systems to be bootstrapped here Both features are useful for completing client configuration Finally if you are using an HTTP proxy server complete the related fields When finished click Generate Bootstrap Script The Installation Complete page appears Figure 4 13 Installation Complete 19 The Installation Complete page marks the end of the initial Sa...

Page 39: ...Figure 4 14 Satellite Restart 20 The Satellite Restart page requires no user input and merely provides a placeholder while the system is rebooted Once finished the browser window is redirected to the Satellite Administrator page ...

Page 40: ...ion Administrator account on the Satellite This master account can conduct any task available to all other user levels as well as create other user accounts As always ensure this information exists on the backups of login information described in Chapter 2 Requirements When finished click Create Login The Account Created page appears ...

Page 41: ...ceive you must configure sendmail to properly handle incoming mail This is required by the email redirect feature which allows you to stop notifying users about a Monitoring related event with a single reply Important Some more restrictive corporate mail configurations will not allow mail to be sent from an address that is not recognized as valid Therefore it may be necessary to configure rogertha...

Page 42: ...ervice sendmail restart 4 4 MySQL Installation This sections is applicable only if your RHN Satellite Server will serve Monitoring entitled systems and you wish to run MySQL probes against them Refer to the Probes appendix of the RHN Reference Guide for a list of available probes If you do wish to run MySQL probes subscribe the Satellite to the Red Hat Enterprise Linux AS Extras channel and instal...

Page 43: ...se by customers who have received a new RHN Entitlement Certificate such as one reflecting an increase in the number of entitlements 5 1 Receiving the Certificate The RHN Entitlement Certificate is an XML document that looks something like this xml version 1 0 encoding UTF 8 rhn cert version 0 1 rhn cert field name product RHN SATELLITE 001 rhn cert field rhn cert field name owner Clay s Precious ...

Page 44: ... this 1 Log into https rhn redhat com with your organization s Satellite entitled account 2 Click Systems in the top navigation bar and then the name of the RHN Satellite Server You may also find the Satellite through the Satellite line item within the Channels category 3 In the System Details page click the Satellite subtab and examine the existing cer tificate Ensure you have a backup of this fi...

Page 45: ...ith a list of options sanity only Confirm certificate sanity Does not activate the Satellite locally or remotely disconnected Activates locally but not on remote RHN Servers rhn cert PATH TO CERT Uploads new certificate and activates the Satellite based upon the other options passed if any systemid PATH TO SYSTEMID For testing only Provides an alternative system ID by path and file The system defa...

Page 46: ... the tool and these options To validate an RHN Entitlement Certificate s sanity only rhn satellite activate sanity only rhn cert path to demo xml To validate an RHN Entitlement Certificate and populate the local database rhn satellite activate disconnected rhn cert path to demo xml To validate an RHN Entitlement Certificate and populate both the local and the RHN database rhn satellite activate rh...

Page 47: ...talling and mounting the discs the sole difference in use will be the addition of the mount point option and path to the files appended to every command This will be covered in more detail in a moment 6 1 1 Import Sync Steps The RHN Satellite Synchronization Tool works incrementally or in steps For it to ob tain Errata information it must first know the packages contained For the packages to be up...

Page 48: ...UNT_POINT Import sync from local media mounted to the Satellite To be used in closed environments such as those created during disconnected installs list channels List all available channels and exit c channel CHANNEL_LABEL Process data for this channel only Multiple channels can be included by repeating the option If no channels are specified all channels on the Satellite will be freshened p prin...

Page 49: ... proxy password HTTP_PROXY_PASSWORD Include the password for the alternative HTTP proxy server ca cert CA_CERT Use an alternative SSL CA certificate by including the full path and filename systemid SYSTEM_ID For debugging only Include path to alternative digital system ID systemid SYSTEM_ID For debugging only Include path to alternative digital system ID batch size BATCH_SIZE For debugging only Se...

Page 50: ...t Network Channel Content ISOs must be available or the Satellite must have access to the Internet and the RHN website 6 2 2 Preparing for Import Although it is possible to conduct the import directly from the RHN website this should be done only if Channel Content ISOs are not available It takes a long time to populate a channel from scratch over the Internet For this reason Red Hat urges you to ...

Page 51: ...oop 5 Create a target directory for the files such as mkdir var rhn sat import 6 This sample command assumes the administrator wants to copy the contents of the ISO mounted in mnt import into var rhn sat import cp ruv mnt import var rhn sat import 7 Then unmount mnt import in preparation for the next CD or ISO umount mnt import 8 Repeat these steps for each Channel Content ISO of every channel to ...

Page 52: ...option 3 Moving the RPM packages from the temporary repository into their final location Individually use the step rpms option 4 Parsing the header metadata for each package in the channel uploading the package data and associating it with the channel Individually use the step packages option 5 Identifying Errata associated with the packages and including them in the repository Individually use th...

Page 53: ...he central RHN Servers deliver only an export of its channel information and remain ignorant of any details regarding the RHN Satellite Server 3 After the analysis of the export data any differences are imported into the RHN Satellite Server database Please note that importing new packages may take variable lengths of time For a large update an import can take many hours The satellite sync command...

Page 54: ...aring for Import for instruc tions on downloading the ISOs For ease of import we recommend that the data be copied from media directly into a common repository through a command such as the following cp rv mnt cdrom var rhn sat sync Then the following command satellite sync c rhel i386 as 3 mount point var rhn sat sync This can be used to perform the sync process described above using the dump fil...

Page 55: ...ese provide invaluable information about the activity that has taken place on the device or within the application that can be used to monitor performance and ensure proper configuration See Table 7 1 for the paths to all relevant log files Component Task Log File Location Apache HTTP Server var log httpd directory RHN Satellite Server var log rhn directory RHN Satellite Server Installation Progra...

Page 56: ...on to log files you can obtain valuable information by retrieving the status of your RHN Satellite Server and its various components This can be done with the command service rhn satellite status In addition you can obtain the status of components such as the Apache HTTP Server and the RHN Task Engine individually For instance to view the status of the Apache HTTP Server run the command service ht...

Page 57: ...files may be at fault Stop the jabberd daemon before removing these files To do so issue the following commands as root service jabberd stop cd var lib jabberd rm f _db service jabberd start 7 3 Host Not Found Could Not Determine FQDN Because RHN configuration files rely exclusively on fully qualified domain names FQDN it is imperative key applications are able to resolve the name of the RHN Satel...

Page 58: ... is the result of a Satellite being installed on a machine whose time had been improperly set During the Satellite installation process SSL certificates are created with inaccurate times If the Satel lite s time is then corrected the certificate start date and time may be set in the future making it invalid To troubleshoot this check the date and time on the clients and the Satellite with the fol ...

Page 59: ...will serve in both capacities Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for specific instructions Make sure client systems are not using firewalls of their own blocking required ports as identified in Section 2 4 Additional Requirements 7 5 Satellite Debugging by Red Hat If you ve exhausted these troubleshooting steps or want to defer them to Red Hat Network profe...

Page 60: ...debug tar bz2 removing temporary debug tree Debug dump created stored in tmp satellite debug tar bz2 Deliver the generated tarball to your RHN contact or support channel Once finished email the new file from the tmp directory to your Red Hat representative for immediate diagnosis ...

Page 61: ...llite restart service rhn satellite status Use the rhn satellite service to shut down and bring up the entire RHN Satellite Server and retrieve status messages from all of its services at once 8 2 Updating the Satellite If any critical updates are made to RHN Satellite Server they will be released in the form of an Erratum for the RHN Satellite Server For RHN Satellite Server systems that may be c...

Page 62: ... to update the server s RHN Entitlement Certificate such as to increase its number of client systems refer to Chapter 5 Entitlements for instructions 8 3 Backing Up the Satellite Backing up an RHN Satellite Server can be done in several ways Regardless of the method chosen the associated database also needs to be backed up For the Stand Alone Database consult your organization s database administr...

Page 63: ...l the RHN Satellite Server without reregistering it During the installation cancel or skip the RHN registration and SSL certificate generation sections The final and most comprehensive method would be to back up the entire machine This would save time in downloading and reinstalling but would require additional disk space and back up time 8 4 Using RHN DB Control RHN Satellite Server with Embedded...

Page 64: ...ng or offline stop Stops the database instance This can also be accomplished by issuing the service rhn database stop command as root tablesizes Show space report for each table verify DIRNAME Verifies the contents of the backup kept in DIRNAME This command checks the md5sums of each of the files kept in the backup Table 8 1 RHN DB Control Options 8 4 2 Backing up the Database Red Hat recommends p...

Page 65: ...tion disk or system at 6 a m 8 4 3 Verifying the Backup Backing up the Embedded Database is useful only if you can ensure the integrity of the re sulting backup RHN DB Control provides two methods for reviewing backups one brief one more detailed To conduct a quick check of the backup s timestamp and determine any missing files issue this command as oracle db control examine DIRNAME To conduct a m...

Page 66: ...e primary Satellite s database daily using the commands described in Section 8 4 2 Backing up the Database If this is done only changes made the day of the failure will be lost 3 Establish a mechanism to copy the backup to the secondary Satellite and keep these repositories synchronized using a file transfer program such as rsync If you re using a SAN copying isn t necessary 4 Use RHN DB Control s...

Page 67: ...appropriate Common Name value now In this case you may also generate a new bootstrap script that captures this new value 3 After installation copy the following files from the primary Satellite to the secondary Satellite etc rhn rhn conf etc tnsnames ora var www rhns server secret rhnSecret py 4 Copy and install the server side SSL certificate RPMs from the primary Satellite to the secondary Refer...

Page 68: ...NS a network load balancer and a reverse proxy setup 8 7 Conducting Satellite Specific Tasks Using a RHN Satellite Server is quite similar to using the hosted version of Red Hat Net work For this reason you should consult the RHN Reference Guide to obtain detailed in structions to standard tasks such as editing System Profiles and updating packages Tasks directly related to managing custom channel...

Page 69: ... of the RHN Task Engine This tool is a daemon that runs on the Satellite server itself and performs routine operations such as database cleanup Errata mailings etc that must be performed in the background The page displays the execution times for various activities carried out by the daemon Administrators should ensure the RHN Task Engine stays up and running If this daemon hangs for any reason it...

Page 70: ...mails error messages and elsewhere 8 7 2 Deleting Users Because of the isolated environment in which RHN Satellite Servers operate Satellite cus tomers have been granted the ability to delete users To access this functionality click Users in the top navigation bar of the RHN website In the resulting User List click the name of the user to be removed This takes you to the User Details page Click th...

Page 71: ...the RHN Satellite Server Failing to do so causes the delete operation to fail The Organization Administrator role may be removed by any Organization Administrator provided they are not the sole Organization Administrator for the organization by clicking on the Users tab and then visiting the Details sub tab Figure 8 3 User Delete Confirmation Many other options exist for managing users You can fin...

Page 72: ...ronization like so 0 1 perl le sleep rand 9000 satellite sync email dev null 2 dev null This particular job will run randomly between 1 00 a m and 3 30 a m system time each night and redirect stdout and stderr from cron to prevent duplicating the more easily read message from satellite sync Options other than email can also be included Refer to Section 6 1 2 Import Sync Options for the full list o...

Page 73: ... for scheduled actions you may enable the Satellite to immediately initiate those tasks on Provisioning entitled systems This bypasses the typical delay between scheduling an action and the client sys tem checking in with RHN to retrieve it Important SSL must be employed between the Satellite and its clients systems for this feature to work If the SSL certificates are not available the daemon on t...

Page 74: ...stem recognizing the fully qualified domain name FQDN of the Satellite This name and not the IP address of the server must be used when configuring the Red Hat Update Agent Refer to the RHN Client Configuration Guide for details Now when you schedule actions from the Satellite on any of the push enabled systems the task will begin immediately rather than wait for the system to check in ...

Page 75: ... Hat and custom served by the RHN Satellite mount_point var satellite Corporate gateway hostname PORT server satellite http_proxy corporate_gateway example com 8080 server satellite http_proxy_username server satellite http_proxy_password Database connection information username password SID default_db test01 test01 test01 DON T TOUCH ANY OF THE FOLLOWING web satellite 1 web session_swap_secret_1 ...

Page 76: ..._acls RHN Access web default_taskmaster_tasks RHN Task SessionCleanup RHN Task ErrataQueue RHN Task ErrataEngine RHN Task DailySummary RHN Task SummaryPopulation RHN Task RHNProc RHN Task PackageCleanup web rhn_gpg_backend_module RHN GPG OpenPGP web restrict_mail_domains ...

Page 77: ...kage default location var satellite 21 chkconfig 16 cloning satellite 62 connection errors 54 D Database Configuration 25 Database Population 27 database RPMs default location opt 21 Database Schema 26 db control options 59 db control use 59 disable services ntsysv chkconfig 16 disconnected mode 29 E embedded database default location rhnsat 21 enabling push to clients 69 entitlement certificate 1...

Page 78: ...ime Protocol 15 ntsysv 16 O Oracle 9i R2 3 Organization Administrator 36 definition 2 osa dispatcher 69 osad 69 P port 443 14 port 5222 16 port 5269 16 port 80 14 R Red Hat Network introduction 1 Red Hat Update Agent definition 2 redundant satellite 62 requirements 9 additional 14 database 13 hardware 11 software 9 software Enterprise Linux 3 10 software Enterprise Linux 4 9 RHN components 3 RHN C...

Page 79: ...satellite debug 55 satellite sync 47 49 step channel families 48 step channels 48 step rpms 48 cron job 68 sendmail 16 28 Software Channel Administrator definition 2 SSL Certificate 32 SSL public certificate location on Satellite var www html pub 33 summary of steps 5 synchronizing keeping channel data in sync 48 T terms to understand 2 tool use 64 topologies 17 multiple satellites horizontally ti...

Page 80: ......