12.3. Client System Preparation
Before your UNIX-based client systems benefit from Red Hat Network, they must be prepared for connection:
Once finished, your systems will be ready to begin receiving RHN updates. The following three section explain these steps in detail.
12.3.1. Download and Install Additional Packages
This section steps you through the process of downloading and installing third-party applications and the RHN applications from the Satellite onto the UNIX client.
Of primary importance is the
Red Hat Update Agent for UNIX (
up2date), which provides the link between your client systems and Red Hat Network. The UNIX-specific version of the
Red Hat Update Agent is limited in functionality compared to its Linux counterpart but still enables system registration and facilitates package installs and patches. Refer to
Section 12.4, “Registration and Updates” for a full description of the tool's options.
Note
It may be useful to enter the command bash when first logging into the Solaris client. If the BASH shell is available, it will make the system's behavior as Linux-like as possible.
12.3.1.1. Install Third-Party Packages
Installation of the RHN applications cannot proceed unless the following utility and libraries are present:
On recent versions of Solaris, the necessary libraries are provided by the following natively installed packages:
SUNWgccruntime
SUNWopenssl*
SUNWzlib
SMClibgcc or SMCgcc
SMCossl
SMCzlib
To verify if a package is installed on the client, use the pkginfo command. For example, to check for a package that contains "zlib" in the name, run the following command:
# pkginfo | grep zlib
Note
Solaris package archive names differ from the name of the installed package. For example, the package archive libgcc<version>-sol<solaris-version>-sparc-local.gz becomes SMClibgcc after installation
12.3.1.2. Configure the Library Search Path
In order to allow the Solaris client to use the libraries installed in the previous step, you must add their location to the library search path. To do so, first check the current library search path":
# crle -c /var/ld/ld.config
Make a note of the current Default Library Path. Next, modify the path to also include the components shown below. Note that the -l option resets the value, rather than appending it, so if there already were values set on your system, prepend them to the -l parameter.
On sparc:
# crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib
On x86:
# crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib:/usr/sfw/lib
12.3.1.3. Download RHN Client Packages
Download the appropriate tarball of packages from the /var/www/html/pub/ directory of your Satellite. If you are able to use a GUI web browser like Mozilla, navigate to the /pub directory of the Satellite and save the appropriate tarball to your client:
http://your-satellite.example.com/pub/rhn-solaris-bootstrap-<version>-<solaris-arch>-<solaris-version>.tar.gz
If you must download the tarball from the command line, it should be possible to use ftp to transfer the file from the Satellite to the client.
Using gzip, decompress the tarball. You should have the following packages:
RHATpossl
RHATrcfg
RHATrcfga
RHATrcfgc
THATrcfgm
RHATrhnc
RHATrhnl
RHATrpush
RHATsmart
SMClibgcc and SMCosslg may also be included in the tarball.
12.3.1.4. Install the RHN Packages
Change to the uncompressed directory and use the UNIX variant's native installation tool to install each package. For example, on Solaris, use the pkgadd command. Answer "yes" to any prompts during package install.
Here is how a typical installation might proceed:
# pkgadd -d RHATpossl-0.6-1.p24.6.pkg all
# pkgadd -d RHATpythn-2.4.1-2.rhn.4.sol9.pkg all
# pkgadd -d RHATrhnl-1.8-7.p23.pkg all
...
Note
You may choose to use the -n of pkgadd, which runs the command in non-interactive mode. However, this may cause the installation of some packages to fail silently on Solaris 10.
Continue until each package is installed in the RHN-specific path: /opt/redhat/rhn/solaris/.
12.3.1.5. Include RHN Packages in the PATH
In order to make the RHN packages available at each login, you may wish to add them to your PATH. To do so, add these commands to your login script:
# PATH=$PATH:/opt/redhat/rhn/solaris/bin
# PATH=$PATH:/opt/redhat/rhn/solaris/usr/bin
# PATH=$PATH:/opt/redhat/rhn/solaris/usr/sbin
# export PATH
To enable access to the RHN client command man pages, add them to your MANPATH. To do so, add the following commands to your login script:
# MANPATH=$MANPATH:/opt/redhat/rhn/solaris/man
# export MANPATH
Alternatively, you can also access the man pages from the command line, with the following command:
# man -M /opt/redhat/rhn/solaris/man <man page>
Finally, add the Red Hat Libraries to your PATH as you did with libgcc, openssl and zlib.
crle -c /var/ld/ld.config -l <current library paths>:/opt/redhat/rhn/solaris/lib
12.3.2. Deploying Client SSL Certificates
To ensure secure data transfer, Red Hat strongly recommends the use of SSL. The RHN Satellite eases implementation of SSL by generating the necessary certificates during its installation. The server-side certificate is automatically installed on the Satellite itself, while the client certificate is placed in the /pub/ directory of the Satellite's Web server.
To install the certificate, follow these steps for each client:
Download the SSL certificate from the /var/www/html/pub/ directory of the RHN Satellite onto the client system. The certificate will be named something similar to RHN-ORG-TRUSTED-SSL-CERT. It is accessible via the web at the following URL: https://your-satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT.
Move the client SSL certificate to the RHN-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to:
mv /path/to/RHN-ORG-TRUSTED-SSL-CERT /opt/redhat/rhn/solaris/usr/share/rhn/
When finished, the new client certificate will be installed in the appropriate directory for your UNIX system. If you have a large number of systems to prepare for RHN management, you may script this entire process.
The final step before registering your client systems with Red Hat Network is to reconfigure their RHN applications to use the new SSL certificate and obtain updates from the RHN Satellite. Both of these changes can be made by editing the configuration file of the Red Hat Update Agent, which provides registration and update functionality.
Follow these steps on each client system:
As root, change to the RHN configuration directory for the system. For Solaris, the full path is /opt/redhat/rhn/solaris/etc/sysconfig/rhn/.
Open the up2date configuration file in a text editor.
Find the serverURL entry and set its value to the fully qualified domain name (FQDN) of your RHN Satellite:
serverURL[comment]=Remote server URL
serverURL=https://your-satellite.example.com/XMLRPC
Ensure the application refers to the RHN Satellite even when SSL is turned off by also setting the noSSLServerURL value to the Satellite:
noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerURL=http://your-satellite.example.com/XMLRPC
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/opt/redhat/rhn/solaris/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Your client systems are now ready for registration with Red Hat Network and management by your Satellite.
