The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Server installation program and available to both Satellite and RHN Proxy Server customers through the use of RHN Bootstrap provides the ability to reconfigure client systems to use the RHN Server easily. After modifying for your particular use, it can be run on each client machine.
Review the sample and its comments, beginning with a hash mark (#), for additional details. Follow the steps in Chapter 5 Using RHN Bootstrap to prepare the script for use.
#!/bin/bash
echo "RHN Server Client bootstrap script v3.6"
# This file was autogenerated. Minor manual editing of this script (and
# possibly the client-config-overrides.txt file) may be necessary to complete
# the bootstrap setup. Once customized, the bootstrap script can be triggered
# in one of two ways (the first is preferred):
#
# (1) centrally, from the RHN Server via ssh (i.e., from the
# RHN Server):
# cd /var/www/html/pub/bootstrap/
# cat bootstrap-<edited_name>.sh | ssh root@<client-hostname> /bin/bash
#
# ...or...
#
# (2) in a decentalized manner, executed on each client, via wget or curl:
# wget -qO- https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash
# ...or...
# curl -Sks https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash
# SECURITY NOTE:
# Use of these scripts via the two methods discussed is the most expedient
# way to register machines to your RHN Server. Since "wget" is used
# throughout the script to download various files, a "Man-in-the-middle"
# attack is theoretically possible.
#
# The actual registration process is performed securely via SSL, so the risk
# is minimized in a sense. This message merely serves as a warning.
# Adminitrators need to appropriately weigh their concern against the
# relative security of their internal network.
# PROVISIONING/KICKSTART NOTE:
# If provisioning a client, ensure the proper CA SSL public certificate is
# configured properly in the post section of your kickstart profiles (the
# RHN Satellite or hosted web user interface).
# UP2DATE/RHN_REGISTER VERSIONING NOTE:
# This script will not work with very old versions of up2date and
# rhn_register.
echo
echo
echo "MINOR MANUAL EDITING OF THIS FILE MAY BE REQUIRED!"
echo
echo "If this bootstrap script was created during the initial installation"
echo "of an RHN Satellite, the ACTIVATION_KEYS, and ORG_GPG_KEY values will"
echo "probably *not* be set (see below). If this is the case, please do the"
echo "following:"
echo " - copy this file to a name specific to it's use."
echo " (e.g., to bootstrap-SOME_NAME.sh - like bootstrap-web-servers.sh.)"
echo " - on the website create an activation key or keys for the system(s) to"
echo " be registered."
echo " - edit the values of the VARIABLES below (in this script) as"
echo " appropriate:"
echo " - ACTIVATION_KEYS needs to reflect the activation key(s) value(s)"
echo " from the website. XKEY or XKEY,YKEY"
echo " - ORG_GPG_KEY needs to be set to the name of the corporate public"
echo " GPG key filename (residing in /var/www/html/pub) if appropriate."
echo
echo "Verify that the script variable settings are correct:"
echo " - CLIENT_OVERRIDES should be only set differently if a customized"
echo " client-config-overrides-VER.txt file was created with a different"
echo " name."
echo " - ensure the value of HOSTNAME is correct."
echo " - ensure the value of ORG_CA_CERT is correct."
echo
echo "Enable this script: comment (with #'s) this block (or, at least just"
echo "the exit below)"
echo
exit 1
# can be edited, but probably correct (unless created during initial install):
# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
ACTIVATION_KEYS=insert_activation_key_here
ORG_GPG_KEY=insert_org_gpg_pub_key_here
# can be edited, but probably correct:
CLIENT_OVERRIDES=client-config-overrides.txt
HOSTNAME=your_rhn_server_host.example.com
ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT
ORG_CA_CERT_IS_RPM_YN=0
USING_SSL=1
USING_GPG=1
REGISTER_THIS_BOX=1
ALLOW_CONFIG_ACTIONS=0
ALLOW_REMOTE_COMMANDS=0
FULLY_UPDATE_THIS_BOX=1
#
# -----------------------------------------------------------------------------
# DO NOT EDIT BEYOND THIS POINT -----------------------------------------------
# -----------------------------------------------------------------------------
#
# an idea from Erich Morisse (of Red Hat).
# use either wget *or* curl
if [ -x /usr/bin/wget ] ; then
FETCH="/usr/bin/wget -q -r -nd"
else
if [ -x /usr/bin/curl ] ; then
FETCH="/usr/bin/curl -SksO"
fi
fi
HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub
HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub
if [ $USING_SSL -eq 0 ] ; then
HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY}
fi
echo
echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES"
echo "-------------------------------------------------"
echo "* downloading necessary files"
echo " client_config_update.py..."
rm -f client_config_update.py
$FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/client_config_update.py
echo " ${CLIENT_OVERRIDES}..."
rm -f ${CLIENT_OVERRIDES}
$FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES}
if [ ! -f "client_config_update.py" ] ; then
echo "ERROR: client_config_update.py was not downloaded"
exit 1
fi
if [ ! -f "${CLIENT_OVERRIDES}" ] ; then
echo "ERROR: ${CLIENT_OVERRIDES} was not downloaded"
exit 1
fi
echo "* running the update scripts"
if [ -f "/etc/sysconfig/rhn/rhn_register" ] ; then
echo " . rhn_register config file"
/usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/rhn_register ${CLIENT_OVERRIDES}
fi
echo " . up2date config file"
/usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/up2date ${CLIENT_OVERRIDES}
if [ ! -z "$ORG_GPG_KEY" ] ; then
echo
echo "* importing organizational GPG key"
rm -f ${ORG_GPG_KEY}
$FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_GPG_KEY}
# get the major version of up2date
res=$(rpm -q --queryformat '%{version}' up2date | sed -e 's/\..*//g')
if [ $res -eq 2 ] ; then
gpg $(up2date --gpg-flags) --import $ORG_GPG_KEY
else
rpm --import $ORG_GPG_KEY
fi
fi
echo
echo "* attempting to install corporate public CA cert"
if [ $USING_SSL -eq 1 ] ; then
if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then
rpm -Uvh ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT}
else
rm -f ${ORG_CA_CERT}
$FETCH ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT}
mv ${ORG_CA_CERT} /usr/share/rhn/
fi
fi
echo
echo "REGISTRATION"
echo "------------"
# Should have created an activation key or keys on the RHN Server's
# website and edited the value of ACTIVATION_KEYS above.
#
# If you require use of several different activation keys, copy this file and
# change the string as needed.
#
if [ -z "$ACTIVATION_KEYS" ] ; then
echo "*** ERROR: in order to bootstrap RHN clients, an activation key or keys"
echo " must be created in the RHN web user interface, and the"
echo " corresponding key or keys string (XKEY,YKEY,...) must be maped to"
echo " the ACTIVATION_KEYS variable of this script."
exit 1
fi
if [ $REGISTER_THIS_BOX -eq 1 ] ; then
echo "* registering"
/usr/sbin/rhnreg_ks --force --activationkey "$ACTIVATION_KEYS"
echo
echo "*** this system should now be registered, please verify ***"
echo
else
echo "* explicitely not registering"
fi
echo
echo "OTHER ACTIONS"
echo "------------------------------------------------------"
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
echo "up2date up2date; up2date -p; up2date -uf (conditional)"
else
echo "up2date up2date; up2date -p"
fi
echo "but any post configuration action can be added here. "
echo "------------------------------------------------------"
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
echo "* completely updating the box"
else
echo "* ensuring up2date itself is updated"
fi
/usr/sbin/up2date up2date
/usr/sbin/up2date -p
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
/usr/sbin/up2date -uf
fi
echo "-bootstrap complete-" |