4.2. RHN Proxy Server Installation Process

The following instructions describe the RHN Proxy Server installation process:

  1. Register the newly-installed Red Hat Enterprise Linux AS system with Red Hat Network (either the central RHN Servers or your RHN Satellite Server) using the organizational account containing the RHN Proxy Server entitlement with the command: up2date --register.

  2. Grant the system a Provisioning entitlement. Visit the RHN Website (or the fully qualified domain name of the Satellite serving the Proxy), login as the Organization Administrator, and navigate to the Your RHN ⇒ Subscription Management page. Check the box of system on which the RHN Proxy Server is to be installed, select Provisioning from the drop-down box, and click the Add Entitlement button.

  3. Ensure that the system is subscribed to the Red Hat Network Tools channel for its base operating system by clicking the name of the system and navigating to the System ⇒ System Details page. Under the Subscribed Channels section, check the listed channels for the Tools channel. If not subscribed to this channel, click the Alter Channel Subscriptions link, check the box next to the tools channel, and then click the Change Subscriptions button to confirm your choice.

  4. Install all of the rhncfg packages by first navigating to the System ⇒ System Details ⇒ Software ⇒ Packages ⇒ Install subtab. Next, search for rhncfg using the Filter by Package Name text search box. In the resulting list, select all of the packages and install them.

  5. If you will be enabling secure sockets layer (SSL) encryption on the Proxy and connecting to the central RHN Servers, install the rhns-certs-tools package from the same Red Hat Network Tools channel and use the RHN SSL Maintenance Tool to generate the tar file required later. Refer to the SSL Certificates chapter of the RHN Client Configuration Guide for instructions.

    If you will be enabling SSL encryption on the Proxy and connecting to an RHN Satellite Server or another RHN Proxy Server with SSL, you will also need the CA certificate password used for the parent system.

  6. Log into the system through a terminal as root and run the rhn_check command to immediately initiate the scheduled package installation.

  7. Once the packages have been installed, as confirmed through the System Details ⇒ Events tab, prepare the system to accept remote commands and configuration management with the following command:

    /usr/bin/rhn-actions-control --enable-all
  8. Within the RHN website, navigate to the System Details ⇒ Details ⇒ Proxy subtab.

    WarningWarning
     

    Please note that the RHN Proxy Server installation may replace the squid.conf and httpd.conf configuration files on the system to ease upgrades later. If you have edited these files and want to preserve them, they are rotated in place and can be retrieved after installation.

    Figure 4-1. System Details ⇒ Proxy

  9. In the System Details ⇒ Details ⇒ Proxy subtab, the pulldown menu should indicate your ability to activate the system as an RHN Proxy Server. Ensure that the correct version is selected and click the Activate Proxy button. The Welcome page of the installation appears.

    Figure 4-2. Welcome

  10. In the Welcome page, you will find notification of any requirements not met by the system. When the system is ready, a continue link appears. Click it to go to the Terms & Conditions page.

    Figure 4-3. Terms & Conditions

  11. In the Terms & Conditions page, click the terms and conditions link to view the licensing agreement of the RHN Proxy Server. When satisfied, click the I agree link. You must agree in order to continue with the installation. For Proxies that register to a Satellite, the Enable Monitoring page appears next.

    Figure 4-4. Enable Monitoring

  12. In the Enable Monitoring page, you must decide whether the Proxy will be used to monitor systems served by it. For this to take place, the RHN Proxy Server must meet the requirements identified in Chapter 2 Requirements and must be connected to an RHN Satellite Server (or another Proxy connected to a Satellite). To enable monitoring on the Proxy, select the checkbox and click continue. The Configure RHN Proxy Server page appears.

    Figure 4-5. Configure RHN Proxy Server

  13. In the Configure RHN Proxy Server page, provide or confirm the entries for all required fields. The Administrator Email Address will receive all mail generated by the Proxy, including sometimes large quantities of error-related tracebacks. To stem this flow, consider establishing mail filters that capture messages with a subject of "RHN TRACEBACK from hostname". To list more than one administrator, enter a comma-separated list of email addresses.

    The RHN Proxy Hostname is the fully qualified domain name (FQDN) of the RHN Proxy Server. The RHN Parent Server is the domain name of the server serving the Proxy — either the central RHN servers, another RHN Proxy Server or an RHN Satellite Server. To connect to the central RHN servers, include the value xmlrpc.rhn.redhat.com. To connect to a Satellite or another Proxy, enter the parent system's FQDN.

    If the RHN Proxy Server will connect through an HTTP proxy, configure it using the associated fields. Note that references to protocol, such as http:// or https:// should not be included in the HTTP Proxy Server field. Insert only the hostname and port in the form hostname:port, such as your-gateway.example.com:3128.

    TipTip
     

    The installation process affects only the Proxy configuration file: /etc/rhn/rhn.conf. The Red Hat Update Agent (up2date) configuration file, /etc/sysconfig/rhn/up2date, must be updated manually to receive its updates from another server, such as an RHN Satellite Server.

    Finally, you must decide whether to enable SSL using the checkbox at the bottom. Red Hat strongly recommends that you employ this level of encryption for all traffic to and from the RHN Proxy Server. To select it, however, you must connect to the central RHN Servers (which have SSL enabled by default) or to an RHN Satellite Server or RHN Proxy Server that has SSL enabled. Connection to the central RHN Servers requires upload of the certificate tar file mentioned earlier. Connection to a Satellite or another Proxy through SSL requires the CA certificate password used in enabling SSL on the parent system.

    If you choose not to enable SSL during installation, leave this box unchecked and refer to the SSL Certificates chapter of the RHN Client Configuration Guide to learn how to obtain this level of security post install. When finished, click continue. If you enabled SSL and are connecting to a Satellite, the Configure SSL page appears. If you enabled SSL and are connecting to another Proxy or the central RHN servers, the Upload SSL page appears. If you did not enable SSL but did enable Monitoring, skip to the description of the Configure Monitoring page. If you did not enable SSL or Monitoring, skip to the description of the Install Progress page.

    Figure 4-6. Configure SSL

  14. In the Configure SSL page applicable only to a Proxy connecting to an RHN Satellite Server with SSL enabled, provide the information needed to generate the server certificate. The most important item is the CA certificate password, which must match the password used while enabling SSL on the parent server. The remaining fields may match the parent server's values but can differ depending on the role of the RHN Proxy Server, for instance reflecting a different geographic location. Similarly, the email address may be the same one provided earlier for the Proxy administrator, but may instead be directed to a particular certificate administrator. Certificate expiration is configurable. As always, ensure that the values provided here exist in the backups of information described in Chapter 2 Requirements. Once finished, click continue.

    Figure 4-7. Configure Monitoring

  15. In the Configure Monitoring page, provide or confirm the hostname and IP address of the parent server connected to by the RHN Proxy Server. This must be either an RHN Satellite Server or another Proxy which is in turn connected to a Satellite. You cannot achieve Monitoring through the central RHN Servers. When finished, click continue. The Install Progress page appears.

    Figure 4-8. Install Progress

  16. In the Install Progress page, you may monitor the steps of the installation as they take place. Click the link to any step to go to its Action Details page. When an action begins, its status goes from Queued to Picked Up and then finally to Completed. Like the earlier package installs, you can immediately trigger these steps by running the rhn_check command in a terminal on the system as root. When finished, the Install Progress page will display the message The installation is complete. You may now begin registering systems to be served by the RHN Proxy Server. Refer to the RHN Client Configuration Guide.

  17. When all items on the Install Progress page are Completed, the Proxy is ready for use. You can now register systems to RHN through the Proxy.

    Figure 4-9. Install Complete