Chapter 6. Manually Scripting the Configuration

Note that this chapter provides an alternative to using RHN Bootstrap to generate the bootstrap script. With these instructions, you should be able to create your own bootstrap script from scratch.

All of the initial techniques have shared a common theme: the deployment of necessary files in a centralized location to be retrieved and installed using simple, scriptable commands run on each client. In this chapter, we explore putting all of these pieces together to create a single script that can be invoked by any system in your organization.

When we combine all of the commands from the previous chapters in the most sensible order, we get the following script. Keep in mind, rhn_register does not exist on Red Hat Enterprise Linux 3 or later:

# First, install the latest client RPMs to the system.
rpm -Uvh \
  http://proxy-or-sat.example.com/pub/rhn_register-2.8.27-1.7.3.i386.rpm \
  http://proxy-or-sat.example.com/pub/rhn_register-gnome-2.8.27-1.7.3.i386.rpm \
  http://proxy-or-sat.example.com/pub/up2date-3.0.7-1.i386.rpm \
  http://proxy-or-sat.example.com/pub/up2date-gnome-3.0.7-1.i386.rpm

# Second, reconfigure the clients to talk to the correct server.
perl -p -i -e 's/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
  /etc/sysconfig/rhn/rhn_register \
  /etc/sysconfig/rhn/up2date

# Third, install the SSL client certificate for your company's 
# RHN Satellite Server or RHN Proxy Server.
rpm -Uvh http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-*.noarch.rpm

# Fourth, reconfigure the clients to use the new SSL certificate.
perl -p -i -e 's/^sslCA/#sslCA/g;' \
  /etc/sysconfig/rhn/up2date /etc/sysconfig/rhn/rhn_register
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
  >> /etc/sysconfig/rhn/up2date
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
  >> /etc/sysconfig/rhn/rhn_register

# Fifth, download the GPG key needed to validate custom packages.
# Save it to the file that the import step below reads.
wget -q -O /path/to/YOUR-RPM-GPG-KEY http://proxy-or-sat.example.com/pub/YOUR-RPM-GPG-KEY

# Sixth, import that GPG key to your GPG keyring.
rpm --import /path/to/YOUR-RPM-GPG-KEY

Remember, the sixth step is documented here as it pertains to systems running Red Hat Enterprise Linux 3 or newer. For Red Hat Enterprise Linux 2.1, use the following command instead:

gpg $(up2date --gpg-flags) --import /path/to/YOUR-RPM-GPG-KEY

This script comprises a clean and repeatable process that should fully configure any potential Red Hat Network client in preparation for registration to an RHN Proxy Server or RHN Satellite Server. Remember, key values, such as the URL of your RHN Server, its public directory, and your actual GPG key, must be inserted into the placeholders listed within the script. Also, depending on your environment, additional modifications may be required. Although this script may work nearly verbatim, it should be used as a guide.

Like its components, this script may be centrally located. By placing this script in the /pub/ directory of the server, running wget -O- on it, and piping the output to a shell session, one may run the entire bootstrap process with a single command from each client:

wget -O - http://proxy-or-sat.example.com/pub/bootstrap_script | bash

Warning

Running a shell script directly from input piped in over a Web connection obviously has some inherent security risks. Therefore, it is vital to ensure the security of the source server in this instance.

This one-line command may then be invoked across all of the systems on a network. If the administrator has SSH access to all of the systems in question, it would be a simple task to iterate over a list of these systems and run the command remotely on all of them. This script would also be a perfect addition to the %post section of an existing kickstart script.
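
The warning above can be addressed on the client side by downloading the bootstrap script to a file, checking it against a known SHA-256 digest, and only then executing it. The following is an added example, not part of the original guide; the function names and the script file name are hypothetical, and it assumes sha256sum and mktemp exist on the client and that the expected digest is delivered out of band.

```shell
#!/bin/bash
# Added example: fetch, verify, then run, instead of `wget ... | bash`.
# Assumption: the expected SHA-256 reaches the client out of band
# (e.g. baked into the kickstart file), not from the same download.

# Return 0 only if FILE hashes to EXPECTED (64 hex digits, any case).
verify_sha256() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject empty or malformed digests so they can never "match".
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Execute FILE with bash only after its digest has been verified.
run_verified() {
    if ! verify_sha256 "$1" "$2"; then
        echo "digest check failed for $1, refusing to run" >&2
        return 1
    fi
    bash "$1"
}

# Download URL to a private temp file, then hand it to run_verified.
fetch_and_run() {
    local url="$1" expected="$2" tmp rc=0
    tmp=$(mktemp) || return 1
    # wget exits non-zero on network or HTTP errors; a partial
    # download is discarded rather than executed.
    if wget -q -O "$tmp" "$url"; then
        run_verified "$tmp" "$expected" || rc=$?
    else
        echo "download failed: $url" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: verified_bootstrap.sh URL SHA256  (file name is hypothetical)
if [ "$#" -eq 2 ]; then
    fetch_and_run "$1" "$2"
fi
```

A modified or truncated script fails the digest check and is never passed to bash, so a client no longer runs whatever the download happens to return.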