8.3. Client System Preparation
Before your UNIX-based client systems benefit from Red Hat Network, they must be prepared for connection:
Download and install gzip and required third-party libraries.
Download the RHN application tarball from the Satellite to the client and install the contents.
Next, deploy the SSL certificates required for a secure connection.
Configure the client applications to connect to the RHN Satellite Server.
Once finished, your systems will be ready to begin receiving RHN updates. The following three section explain these steps in detail.
8.3.1. Download and Install Additional Packages
This section steps you through the process of downloading and installing third-party applications and the RHN applications from the Satellite onto the UNIX client.
Of primary importance is the Red Hat Update Agent for UNIX (RHATu2d), which provides the link between your client systems and Red Hat Network. The UNIX-specific version of the Red Hat Update Agent is limited in functionality compared to its Linux counterpart but still enables system registration and facilitates package installs and patches. Refer to Section 8.4 Registration and Updates for a full description of the tool's options.
 | Note |
|---|---|
It may be useful to enter the command bash when first logging into the Solaris client. If the BASH shell is available, it will make the system's behavior as Linux-like as possible. |
8.3.1.1. Install Third-Party Packages
Installation of the RHN applications cannot proceed unless the following utility and libraries are present:
gzip
libgcc
openssl
zlib
The gzip utility is provided by the SUNWgzip package and may be downloaded from http://www.sunfreeware.com.
On recent versions of Solaris, the necessary libraries are provided by the following natively installed packages:
SUNWgccruntime
SUNWopenssl*
SUNWzlib
For older Solaris versions, the following required packages may be downloaded from http://www.sunfreeware.com:
SMClibgcc or SMCgcc
SMCossl
SMCzlib
To verify if a package is installed on the client, use the pkginfo command. For example, to check for a package that contains "zlib" in the name, run the following command:
# pkginfo | grep zlib |
| Note |
|---|---|
Solaris package archive names differ from the name of the installed package. For example, the package archive libgcc<version>-sol<solaris-version>-sparc-local.gz becomes SMClibgcc after installation |
8.3.1.2. Configure the Library Search Path
In order to allow the Solaris client to use the libraries installed in the previous step, you must add their location to the library search path. To do so, use one of the following commands, depending on the architecture of the client:
On Sparc:
# crle -c /var/ld/ld.conifg -l /lib:/usr/lib:/usr/local/lib |
On x86:
# crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib |
8.3.1.3. Download RHN Client Packages
Download the appropriate tarball of packages from the /var/www/html/pub/ directory of your Satellite. If you are able to use a GUI web browser like Mozilla, navigate to the /pub directory of the Satellite and save the appropriate tarball to your client:
http://your-satellite.example.com/pub/rhn-solaris-bootstrap-<version>-<solaris-arch>-<solaris-version>.tar.gz |
If you must download the tarball from the command line, it should be possible to use ftp to transfer the file from the Satellite to the client.
Using gzip, decompress the tarball. You should have the following packages:
RHATpossl
RHATrcfg
RHATrcfga
RHATrcfgc
THATrcfgm
RHATrhnc
RHATrhnl
RHATrpush
RHATsmart
SMClibgcc and SMCosslg may also be included in the tarball.
8.3.1.4. Install the RHN Packages
Change to the uncompressed directory and use the UNIX variant's native installation tool to install each package. For example, on Solaris, use the pkgadd command. Answer "yes" to any prompts during package install.
Here is how a typical installation might proceed:
# pkgadd -d RHATpossl-0.6-1.p24.6.pkg all # pkgadd -d RHATpythn-2.4.1-2.rhn.4.sol9.pkg all # pkgadd -d RHATrhnl-1.8-7.p23.pkg all ... |
| Note |
|---|---|
You may choose to use the -n of pkgadd, which runs the command in non-interactive mode. However, this may cause the installation of some packages to fail silently on Solaris 10. |
Continue until each package is installed in the RHN-specific path: /opt/redhat/rhn/solaris/.
8.3.1.5. Include RHN Packages in the PATH
In order to make the RHN packages available at each login, you may wish to add them to your PATH. To do so, add these commands to your login script:
# PATH=$PATH:/opt/redhat/rhn/solaris/bin # PATH=$PATH:/opt/redhat/rhn/solaris/usr/bin # PATH=$PATH:/opt/redhat/rhn/solaris/usr/sbin # export PATH |
To enable access to the RHN client command man pages, add then to your MANPATH. To do so, add the following commands to your login script:
# MANPATH=$MANPATH:/opt/redhat/rhn/solaris/man # export MANPATH |
Alternatively, you can also access the man pages from the command line, with the following command:
# man -M /opt/redhat/rhn/solaris/man <man page> |
Finally, add the Red Hat Libraries to your PATH as you did with libgcc, openssl and zlib.
crle -c /var/ld/ld-config -l <current library paths>:/opt/redhat/rhn/solaris/lib |
8.3.2. Deploying Client SSL Certificates
To ensure secure data transfer, Red Hat strongly recommends the use of SSL. The RHN Satellite Server eases implementation of SSL by generating the necessary certificates during its installation. The server-side certificate is automatically installed on the Satellite itself, while the client certificate is placed in the /pub/ directory of the Satellite's Web server.
To install the certificate, follow these steps for each client:
Download the SSL certificate from the /var/www/html/pub/ directory of the RHN Satellite Server onto the client system. The certificate will be named something similar to RHN-ORG-TRUSTED-SSL-CERT. It is accessible via the web at the following URL: https://your-satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT.
Move the client SSL certificate to the RHN-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to:
mv /path/to/RHN-ORG-TRUSTED-SSL-CERT /opt/redhat/rhn/solaris/usr/share/rhn/
When finished, the new client certificate will be installed in the appropriate directory for your UNIX system. If you have a large number of systems to prepare for RHN management, you may script this entire process.
Now you must reconfigure the RHN client applications to refer to the newly installed SSL certificate. Refer to Section 8.3.3 Configuring the clients for instructions.
8.3.3. Configuring the clients
The final step before registering your client systems with Red Hat Network is to reconfigure their RHN applications to use the new SSL certificate and obtain updates from the RHN Satellite Server. Both of these changes can be made by editing the configuration file of the Red Hat Update Agent, which provides registration and update functionality.
Follow these steps on each client system:
As root, change to the RHN configuration directory for the system. For Solaris, the full path is /opt/redhat/rhn/solaris/etc/sysconfig/rhn/.
Open the up2date configuration file in a text editor.
Find the serverURL entry and set its value to the fully qualified domain name (FQDN) of your RHN Satellite Server:
serverURL[comment]=Remote server URL serverURL=https://your-satellite.example.com/XMLRPC
Ensure the application refers to the RHN Satellite Server even when SSL is turned off by also setting the noSSLServerURL value to the Satellite:
noSSLServerURL[comment]=Remote server URL without SSL noSSLServerURL=http://your-satellite.example.com/XMLRPC
With the up2date configuration file still open, find the sslCACert entry and set its value to the name and location of the SSL certificate described in Section 8.3.2 Deploying Client SSL Certificates, for example:
sslCACert[comment]=The CA cert used to verify the ssl server sslCACert=/opt/redhat/rhn/solaris/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Your client systems are now ready for registration with Red Hat Network and management by your Satellite.