Not every customer will need to connect securely to an RHN Satellite Server or RHN Proxy Server within their organization. And not every customer will need to build and deploy a GPG key for custom packages. (Both of these topics are explained in detail later.) But every customer who uses RHN Satellite Server or RHN Proxy Server will need to reconfigure the Red Hat Update Agent (up2date) and possibly the Red Hat Network Registration Client (rhn_register) to be directed to the Satellite or Proxy.
Important | |
---|---|
Although this isn't configurable, users should still make note that the port used by the Red Hat Update Agent is 443 for SSL (HTTPS) and 80 for non-SSL (HTTP). By default, up2date uses SSL only. For this reason, users should ensure their firewalls allow connections over port 443. To bypass SSL, in /etc/sysconfig/rhn/up2date change the protocol for serverURL from https to http. Similarly, if you will be using RHN's Monitoring feature and probes requiring the Red Hat Network Monitoring Daemon, note that client systems will need to allow connections on port 4545 (or port 22, if they will use sshd instead). |
By default, the Red Hat Network Registration Client and the Red Hat Update Agent refer to the main Red Hat Network Servers. Users must reconfigure client systems to refer to the RHN Satellite Server or RHN Proxy Server. This can be done in three different ways: using the --configure option, updating the configuration file(s) manually, or scripting a change to multiple settings at once. To see how virtually all reconfiguration can be scripted, see Chapter 6 Manually Scripting the Configuration.
Red Hat recommends using activation keys for registering and configuring client systems that will be using RHN Proxy Server or RHN Satellite Server. Activation keys can be used to register, entitle, and subscribe systems in a batch. Refer to the Activation Keys section of the Red Hat Update Agent chapter within the RHN Management Reference Guide for instructions on use.
It is possible to incorporate activation keys into a scripted configuration process, such as the one described in Chapter 6 Manually Scripting the Configuration. To do this, create a bootstrap.sh file much like the one described, place it in the Proxy or Satellite's /pub directory and combine it with the rhnreg_ks utility. For example:
wget -O http://your-satellite-FQDN/pub/bootstrap.sh | bash \ && rhnreg_ks --activation-key b0fa829d751aEXAMPLE6983a72c8346e \ --serverUrl https://your-satellite-FQDN/XMLRPC |
Warning | |
---|---|
Systems running Red Hat Enterprise Linux 2.1 and versions of Red Hat Linux prior to 8.0 may experience problems using Activation Keys to migrate SSL certificate settings from rhn_register to up2date. All other settings, such as the server URL, will be properly transferred. Therefore, the SSL certificate information on those systems will have to be set manually. |
Both the Red Hat Network Registration Client and the Red Hat Update Agent that ship with Red Hat Enterprise Linux provide interfaces for configuring various settings. For full listings of these settings, refer to the chapters dedicated to the applications in the RHN Management Reference Guide.
Each application offers a graphical user interface (GUI) for configuration that enables you to change the settings required by RHN Proxy Server or RHN Satellite Server. The only requirement for using this option is to have the client systems running the X Window System. The command to launch the GUI configuration interface will look like:
application_filename --configure |
To reconfigure the Red Hat Update Agent, as root, run the following command:
up2date --configure |
You are presented with a dialog box offering various settings that may be reconfigured. In the General tab, under Select a Red Hat Network Server to use replace the default value with the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as https://your_proxy_or_sat.your_domain.com/XMLRPC. Retain the /XMLRPC at the end. Then click OK.
Make sure you enter the domain name of your RHN Satellite Server or RHN Proxy Server correctly. Entering an incorrect domain or leaving the field blank may prevent up2date --configure from launching. This may be resolved, however, by editing the value in the up2date configuration file. Refer to Section 2.2.3 Updating the Configuration Files Manually for precise instructions.
Warning | |
---|---|
Systems running Red Hat Enterprise Linux 3 or newer have registration functionality built into the Red Hat Update Agent and therefore do not have the Red Hat Network Registration Client installed. Systems running Red Hat Enterprise Linux 2.1 (and versions of Red Hat Linux prior to 8.0) still need to reconfigure and use the Red Hat Network Registration Client, as well as the Red Hat Update Agent. |
To reconfigure the Red Hat Network Registration Client, conduct an almost identical set of steps. As root, run the following command:
rhn_register --configure |
You are presented with a dialog box offering basic settings that may be reconfigured. Under Select a Red Hat Network server to use: replace the default value with the fully qualified domain name (FQDN) of the RHN Satellite Server or RHN Proxy Server, such as https://your_proxy_or_sat.your_domain.com/XMLRPC. Retain the /XMLRPC at the end. Then click OK.
If your version of rhn_register does not display the server field, and you cannot upgrade to a later version, you may enter the domain name of your RHN Satellite Server or RHN Proxy Server directly into the rhn_register configuration file. Refer to Section 2.2.3 Updating the Configuration Files Manually for precise instructions.
As an alternative to the GUI interface described in the previous section, users may also reconfigure the Red Hat Network Registration Client and the Red Hat Update Agent by editing the applications' configuration files.
To configure the Red Hat Update Agent on the client systems connecting to the RHN Proxy Server or RHN Satellite Server, edit the values of the serverURL and noSSLServerURL settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Replace the default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN Proxy Server or RHN Satellite Server. For example:
serverURL[comment]=Remote server URL serverURL=https://your_proxy_or_sat.your_domain.com/XMLRPC noSSLServerURL[comment]=Remote server URL without SSL noSSLServerURL=http://your_proxy_or_sat.your_domain.com/XMLRPC |
Warning | |
---|---|
The httpProxy setting in /etc/sysconfig/rhn/up2date does not refer to the RHN Proxy Server. It is used to configure an optional HTTP proxy for the client. With an RHN Proxy Server in place, the httpProxy setting must be blank (not set to any value). |
Skip this section if you are running Red Hat Enterprise Linux 3 later on the client system.
Note | |
---|---|
You must use version 2.7.11 or higher of rhn_register on the client systems so they can recognize new certificates. This RPM should be available in /var/spool/up2date on your proxy system after you run up2date for the Proxy. |
To configure the Red Hat Network Registration Client on the client systems connecting to the RHN Proxy Server or RHN Satellite Server, edit the values of the serverURL and noSSLServerURL options in the /etc/sysconfig/rhn/rhn_register configuration file (as root). Replace the default Red Hat Network URL with the fully qualified domain name (FQDN) for the RHN Proxy Server or RHN Satellite Server. For example:
serverURL[comment]=Remote server URL serverURL=https://your_proxy_or_sat.your_domain.com/XMLRPC noSSLServerURL[comment]=Remote server URL without SSL noSSLServerURL=http://your_proxy_or_sat.your_domain.com/XMLRPC |