Red Hat Network provides a tool that automates much of the manual reconfiguration described in previous chapters: RHN Bootstrap. This tool plays an integral role in the RHN Satellite Server Installation Program, enabling generation of the bootstrap script during installation.
RHN Proxy Server customers and customers with updated Satellite settings require a bootstrap tool that can be used independently. RHN Bootstrap, invoked with the command /usr/bin/rhn-bootstrap, serves that purpose and comes installed by default on both RHN Satellite Server and RHN Proxy Server.
If used correctly, the script this tool generates can be run from any client system to conduct the following tasks:
Redirect client applications to the RHN Proxy or Satellite
Import custom GPG keys
Install SSL certificates
Register the system to RHN and particular system groups and channels with the help of activation keys
Perform miscellaneous post-configuration activities, including updating packages, performing reboots, and altering RHN configuration
Customers should note, however, the inherent risks of using a script to conduct configuration. Security tools such as SSL certificates are installed by the script itself; therefore they do not yet exist on the systems and cannot be used to process transactions. This allows for the possibility of someone impersonating the Satellite and transmitting bad data. This is mitigated by the fact that virtually all Satellites and client systems operate behind customer firewalls and are restricted from outside traffic. Registration is conducted via SSL and is therefore protected.
The bootstrap script bootstrap.sh is automatically placed in the /var/www/html/pub/bootstrap/ directory of the RHN Server. From there it can be downloaded and run on all client systems. Note that some preparation and post-generation editing is required, as identified in the following sections. Refer to Section 5.4 RHN Bootstrap Options for the tool's complete list of options. Finally, refer to the Appendix A Sample Bootstrap Script for an example script.
Since RHN Bootstrap (rhn-bootstrap) depends on other components of the Red Hat Network infrastructure to properly configure client systems, those components must be prepared before script generation. The following list identifies suggested initial measures:
Generate activation keys to be called by the script(s). Activation keys can be used to register Red Hat Enterprise Linux systems, entitle them to an RHN service level, and subscribe them to specific channels and system groups, all in one action. Note that you must have Management entitlements available to use an activation key, while inclusion of multiple activation keys at once requires Provisioning entitlements. Generate activation keys through the Activation Keys page within the Systems category of the RHN website (either the central RHN Servers for Proxy or the fully qualified domain name of the Satellite). Refer to the Red Hat Update Agent and RHN Website chapters of the RHN Reference Guide for instructions on creation and use.
Red Hat recommends your RPMs be signed by a custom GNU Privacy Guard (GPG) key. Make the key available so you may refer to it from the script. Generate the key as described in the RHN Channel Management Guide and place the key in the /var/www/html/pub/ directory of the RHN Server, per Chapter 4 Importing Custom GPG Keys.
If you wish to use the script to deploy your CA SSL public certificate, have the certificate or the package (RPM) containing that certificate available on that RHN Server and include it during script generation with the --ssl-cert option. Refer to Chapter 3 SSL Infrastructure for details.
Have the values ready to develop one or many bootstrap scripts, depending on the variety of systems to be reconfigured. Since RHN Bootstrap provides a full set of reconfiguration options, you may use it to generate different bootstrap scripts to accommodate each type of system. For instance, bootstrap-web-servers.sh might be used to reconfigure your Web servers, while bootstrap-app-servers.sh can handle the application servers. Consult Section 5.4 RHN Bootstrap Options for the complete list.