Red Hat Network Satellite 5.
Installation Guide Red Hat Network Satellite 5.4 Installation Guide Red Hat Network Satellite Edition 1 Copyright © 2010 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/.
1. Introduction 1.1. Red Hat Network ......................................................................................................... 1.2. RHN Satellite ............................................................................................................... 1.3. Terms to Understand .................................................................................................... 1.4. How it Works ..............................................................................................
Installation Guide 6.4.3. Configuring the Slave RHN Satellite Servers ..................................................... 6.5. Using Inter-Satellite Sync ............................................................................................ 6.5.1. Syncing between a Development Staging Server and a Production Satellite ......... 6.5.2. Bi-directional sync ............................................................................................ 6.6. Synchronizing by Organization ...................
Chapter 1. Introduction RHN Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows Red Hat Network customers the greatest flexibility and power in keeping servers secure and updated. Two types of RHN Satellite are available: One with a stand-alone database on a separate machine and one with an embedded database installed on the same machine as the Satellite.
Chapter 1. Introduction • Security — an end-to-end secure connection is maintained from the client systems to the RHN Satellite without connecting to the public Internet. • Efficiency — packages are delivered significantly faster over a local area network. • Control — clients' System Profiles are stored on the local RHN Satellite, not on the central Red Hat Network Servers.
How it Works 1.4. How it Works RHN Satellite consists of the following components: • Database — for the Stand-Alone Database, this may be the organization's existing database or, preferably, a separate machine. RHN Satellite supports Oracle Database 10g Release 2, Standard or Enterprise Edition. For the Embedded Database, the database comes bundled with RHN Satellite and is installed on the same machine as the Satellite during the installation process.
Chapter 1. Introduction The RHN Satellite management tools are used to synchronize the RHN Satellite database and package repository with Red Hat Network. The RHN Satellite import tool allows the system administrator to include custom RPM packages in the package repository. RHN Satellite can be used in conjunction with RHN Proxy Server to deliver a distributed, selfcontained Red Hat Network deployment for the organization. For example, an organization can maintain one RHN Satellite in a secure location.
Upgrades 3. Your Red Hat contact creates a Satellite-entitled account on the RHN website and sends you the login information. 4. Log into the RHN website (rhn.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux AS 4 or Red Hat Enterprise Linux 5 and RHN Satellite. These can be found within the Downloads tab of the respective Channel Details pages. Refer to the RHN Reference Guide for instructions. 5.
Chapter 1. Introduction • Satellite Upgrade Documentation Package (rhn-upgrade) • New Installation ISO 1.6.1. Satellite Certificate To obtain a Satellite certificate, visit Red Hat support at http://support.redhat.com. 1.6.2.
New Installation ISO 1. Log into RHN 2. Click on Software Downloads on the left-hand side of the screen 3. Navigate to the version of Red Hat Enterprise Linux you are currently using 4. Click on the latest version of RHN Satellite 5. Then choose if you want the embedded Oracle Database ISO or the non-embedded version Once you have followed all steps, refer to the instructions for a Satellite upgrade within the /etc/ sysconfig/rhn/satellite-upgrade/README file in the rhn-upgrade package.
8
Chapter 2. Requirements These requirements must be met before installation. 2.1. Software Requirements To perform an installation, the following software components must be available: • Base operating system — RHN Satellite is supported with Red Hat Enterprise Linux 5. The operating system can be installed from disc, local ISO image, kickstart, or any of the methods supported by Red Hat.
Chapter 2. Requirements Note Additional packages beyond @Base are required to install Red Hat Network Satellite. The Satellite installer will prompt you to either install the listed packages or ask if you want it to download the files from RHN. If your system is not registered to RHN, you should have the Red Hat Enterprise Linux installation media available during the Satellite installation process to install these additional packages as needed.
s/390 Hardware Requirements Stand-Alone Database Embedded Database 12 GB storage for the database repository, in the /rhnsat partition (local storage only) Strongly recommended - a SCSI drive connected to a level 5 RAID Separate partition (or better, a separate set of physical disks) for storing backups. This can be any directory specifiable at backup time.
Chapter 2.
Database Requirements For instance, an RHN Satellite containing 10 channels serving 10,000 systems would require 1.92 GB for its clients and 640 MB for its channels. If custom channels are to be established for testing and staging of packages, they must be included in this formula.
Chapter 2. Requirements Note Ensure that the NLS/charset setting is set to "UTF8"' when using an external database, not 'AL32UTF8' or other charsets. Using other charsets may lead to problems later. The disk layout on the database machine is independent of the RHN Satellite and entirely up to the customer. 2.4.
Additional Requirements Note that Red Hat does not provide static IP addresses for RHN as the IP is subject to change. If you want to disable location aware content, please review the Red Hat KnowledgeBase article at the following URL: http://kbase.redhat.
Chapter 2. Requirements If you do not have an Entitlement Certificate at installation time, contact Red Hat Global Support Services at: https://www.redhat.com/apps/support/ • A Red Hat Network Account Customers who connect to the central Red Hat Network Servers to receive incremental updates must have an external account with Red Hat Network. This account should be set up at the time of purchase with the sales representative.
Additional Requirements Note If you are running a disconnected Satellite that is not registered to RHN Hosted the installation program will note and return a list of any missing additional packages needed beyond @base to be installed, then the installation program will exit. This allows you to install those packages. You may want to use the installation ISO image or DVD media to create a repository for those additional packages, and then rerun the Satellite installer.
18
Chapter 3. Example Topologies The RHN Satellite can be configured in multiple ways. Select one method depending on the following factors: • The total number of client systems to be served by the RHN Satellite. • The maximum number of clients expected to connect concurrently to the RHN Satellite. • The number of custom packages and channels to be served by the RHN Satellite. • The number of RHN Satellites being used in the customer environment.
Chapter 3. Example Topologies Figure 3.2. Multiple Satellite Horizontally Tiered Topology 3.3. Satellite-Proxy Vertically Tiered Topology An alternative method to balance load is to install RHN Proxy Servers below a RHN Satellite. These Proxies connect to the Satellite for RPMs from Red Hat Network and custom packages created locally. In essence, the Proxies act as clients of the Satellite. This vertically tiered configuration requires that channels and RPMs be created only on the RHN Satellite.
Satellite-Proxy Vertically Tiered Topology Figure 3.3.
22
Chapter 4. Installation This chapter describes the initial installation of the RHN Satellite. It presumes the prerequisites listed in Chapter 2, Requirements have been met. If you are instead upgrading to a newer version of RHN Satellite, contact your Red Hat representative for assistance. 4.1. Base Install RHN Satellite is designed to run on the Red Hat Enterprise Linux operating system. Therefore, the first phase is to install the base operating system, either from disc, ISO image, or kickstart.
Chapter 4. Installation 4. Ensure that the RHN Entitlement Certificate has been copied onto the Satellite's file system. It can be named anything and located in any directory. The installation program will ask you for its location. Also, make sure your account has been granted the necessary entitlements to conduct the installation. For instance, a new Satellite will require both a Management or Provisioning entitlement for Red Hat Enterprise Linux AS and an RHN Satellite entitlement.
RHN Satellite Installation Program ** GPG: Initializing GPG and importing RHN key. ** GPG: Creating /root/.gnupg directory 10. The next step creates and populates the initial database, if you have opted for the RHN Satellite with Embedded Database. If you are installing RHN Satellite with Stand-Alone Database, the installer connects with the database. This step can take quite a while.
Chapter 4. Installation Visit https://your-satellite.example.com to create the satellite administrator account. 15. Follow the on-screen instructions and visit the FQDN of your Satellite via a web browser. Create the satellite administrator account - also referred to as the Organization Administrator - and click the Create Login button to move to the next screen, the Your RHN screen. Figure 4.1. Admin Account Creation 16.
RHN Satellite Installation Program Figure 4.2. Final Configuration Prompt 17. The Satellite Configuration - General Configuration page allows you to alter the most basic Satellite settings, such as the admin email address and whether Monitoring is enabled.
Chapter 4. Installation Figure 4.3. General Configuration 18. The RHN Satellite Configuration - Monitoring page allows you to configure the monitoring aspects of this Satellite. The local mail exchanger and local main domain are used to mail monitoring notification messages to administration. This is required only if you intend to receive alert notifications from probes. If you do, provide the mail server (exchanger) and domain to be used.
RHN Satellite Installation Program Figure 4.4. Monitoring 19. The RHN Satellite Configuration - Certificate page allows you to upload a new Satellite certificate. To identify the certificate's path, click Browse, navigate to the file, and select it. To input its contents, open your certificate in a text editor, copy all lines, and paste them directly into the large text field at the bottom. Red Hat recommends using the file locator as it is less error prone. Click Validate Certificate to continue.
Chapter 4. Installation Figure 4.5. Certificate 20. The RHN Satellite Configuration - Bootstrap page allows you to generate a bootstrap script for redirecting client systems from the central RHN Servers to the Satellite. This script, to be placed in the /var/www/html/pub/bootstrap/ directory of the Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central RHN Servers.
RHN Satellite Installation Program Figure 4.6. Bootstrap 21. The RHN Satellite Configuration - Restart page contains the final step in configuring the Satellite. Click the Restart button to restart the Satellite in order to incorporate all of the configuration options added on the previous screens. Note that it will take between four and five minutes for the restart to finish. Figure 4.7.
Chapter 4. Installation 22. Once the Satellite has restarted, the countdown notice disappears. You are now free to begin using your Satellite. Figure 4.8. Restart Complete 4.2.1. Options to the Satellite Installation Program The various options available for the Satellite Installation Program are included below for easy reference. Table 4.1. Installation Options Option Usage --help Print this help message.
Automated RHN Satellite Server Installation Option Usage --skip-gpg-key-import Do not import Red Hat's GPG key. --skip-ssl-cert-generation Do not generate the SSL certificates for the Satellite. --run-updater Do not ask to install needed packages from RHN, if the system is registered. 4.3. Automated RHN Satellite Server Installation One option of the RHN Satellite Installation Program allows the user to reference an answer file.
Chapter 4. Installation proxyPassword= 3. Register the system to RHN. 4. Begin the installation of RHN Satellite with the disconnected option: ./install.pl --disconnected 5. Once the installation is completed, you will need to add or modify your settings in the /etc/rhn/ rhn.conf file: server.satellite.http_proxy = server.satellite.http_proxy_username = server.satellite.http_proxy_password = disconnected=0 6.
MySQL Installation rogerthat01: | /etc/smrsh/ack_enqueuer.pl Next, edit the /etc/mail/sendmail.mc file and change: "DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl" to: "DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl" Then, have the alias processed like so: newaliases Finally, update the sendmail-cf package: yum update sendmail-cf Note, disconnected installs must obtain this package from the ISO. Restart sendmail: service sendmail restart 4.6.
36
Chapter 5. Entitlements The RHN Satellite, like RHN itself, provides all services to customers through the setting of entitlements. For RHN, entitlements are purchased by customers as needed; however, for RHN Satellite, entitlements are contractually agreed-upon beforehand, and they are set at installation time. All public channels are automatically available; the private channels that should also be made available through the Satellite are determined by the RHN Entitlement Certificate.
Chapter 5. Entitlements The initial RHN Entitlement Certificate is generated by a member of the RHN team and emailed to a consultant or customer prior to installation. This process helps guarantee that we do not inadvertently install any RHN Satellites that the RHN team does not know about. Save the XML file to the Satellite machine in preparation for activation. 5.2.
Activating the Satellite Option Description --no-ssl For testing only - Disable SSL. To use these options, insert the option and the appropriate value, if needed, after the rhnsatellite-activate command. Refer to Section 5.3.2, “Activating the Satellite”. 5.3.2. Activating the Satellite You should use the options in Table 5.1, “RHN Entitlement Certificate Options” to accomplish the following tasks in this order: 1. Validate the RHN Entitlement Certificate's sanity (or usefulness). 2.
Chapter 5. Entitlements When the grace period is over, the Satellite becomes unavailable: users will be unable to login to the web UI and all client-side tools will present an Expired Certificate message. Finally, the Satellite Administrator receives a daily email alerting them that the certificate has expired.
Chapter 6. Importing and Synchronizing After installing the RHN Satellite, you must provide it with the packages and channels to be served to client systems. This chapter explains how to import that data and keep it up to date whether the content is from RHN's central servers, local media, or from one Satellite within your organization to another. Two tools, RHN Satellite Exporter and RHN Satellite Synchronization Tool, come installed as part of the rhns-sat-tools package. 6.1.
Chapter 6. Importing and Synchronizing Table 6.1. RHN Satellite Exporter Options Option Description -d, --dir= Place the exported information into this directory. -cCHANNEL_LABEL, -channel=CHANNEL_LABEL Process data for this specific channel (specified by label) only. NOTE: the channel's *label* is NOT the same as the channel's *name*. --list-channels List all available channels and exit. --list-steps List all of the steps that rhn-satellite-exporter takes while exporting data.
Importing with RHN Satellite Synchronization Tool Although it is not a requirement for the export to succeed, the export will be most useful when performed on a Satellite that has populated channels. 6.1.2.1. Running the Export First, be sure to configure the Satellite in the manner that you would either like to duplicate in another Satellite or back up to a storage solution. Second, select the contents you would like to export.
Chapter 6. Importing and Synchronizing The RHN Satellite Synchronization Tool works incrementally, or in steps. For it to obtain Errata information, it must first know the packages contained. For the packages to be updated, the tool must first identify the associated channel(s). For this reason, the RHN Satellite Synchronization Tool performs its actions in the following order: 1. channel-families — Import/synchronize channel family (architecture) data. 2. channels — Import/synchronize channel data. 3.
Preparing for Import from Local Media Option Description --force-all-packages Forcibly process all package data without conducting a diff. --debug-level=LEVEL_NUMBER Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf, 0-6 (2 is default). --email Email a report of what was imported/ synchronized to the designated recipient of traceback email. --traceback-mail=TRACEBACK_MAIL Direct sync output (from --email) to this email address.
Chapter 6. Importing and Synchronizing 6.2.2.1. Preparing Channel Content ISOs Channel Content ISOs are special collections that contain both packages and XML dumps of metadata. The ISO images can be downloaded from the RHN website on a machine connected to the Internet and then transferred to the Satellite. After logging in, click Channels in the top navigation bar. Then, click on the RHN Satellite channel, making sure to select the Satellite channel that corresponds to your version of Satellite.
Running the Import 1. Log into the machine as root. 2. Create a target directory for the files, such as: mkdir /var/rhn-sat-import/ 3. Make the export data available on the local machine in the directory created in the previous step. This can be done by copying the data directly, or by mounting the data from another machine using NFS. It is perhaps easiest to copy the data into the new directory with a command such as the following: scp -r root@storage.example.
Chapter 6. Importing and Synchronizing 1. 2. 3. 4. 5. Populating the tables describing common features for channels (channel families). This can also be accomplished individually by passing the --step=channel-families option to satellite-sync. Creating a particular channel in the database and importing the metadata describing the channel. Individually, use the --step=channels option. Moving the RPM packages from the temporary repository into their final location.
Synchronizing Errata and Packages Directly via RHN 3. After the analysis of the export data, any differences are imported into the RHN Satellite database. Please note that importing new packages may take variable lengths of time. For a large update, an import can take many hours. The satellite-sync command can be used in two modes: via RHN and via local media. 6.3.1.
Chapter 6. Importing and Synchronizing 6.4.1. Recommended Models for Inter-Satellite Sync The Inter-Satellite Sync feature for Satellite provides facilities for synchronizing content between two or more Satellites. The following are some of the more typical uses that show the possibilities of Inter-Satellite Sync and help guide you in determining how to make the most of this feature in your environment.
Configuring the Master RHN Satellite Server Figure 6.3. Slave Satellites are maintained exactly as the master Satellite In this example, the master Satellite (for example, a software or Hardware vendor) provides data to its customer. These changes are regularly synchronized to slave Satellites. 6.4.2. Configuring the Master RHN Satellite Server To use the inter-satellite sync feature, you must first ensure that you have it enabled. Make sure that the /etc/rhn/rhn.
Chapter 6. Importing and Synchronizing satellite-sync --iss-parent=master.satellite.example.com --ca-cert=/usr/share/rhn/RHN-ORGTRUSTED-SSL-CERT --list-channels This command lists both Red Hat Network Hosted channels as well as any custom channels available on the master Satellite server. 6.5. Using Inter-Satellite Sync Now that Inter-Satellite Sync is configured, you can now use it to synchronize channels from the master Satellite to the slave servers.
Bi-directional sync satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel 6.5.2. Bi-directional sync Administrators can configure an environment where two RHN Satellite servers act as masters of each other. For example, Satellite A and B can sync content from one another. Figure 6.5. Bi-directional syncing Both Satellites would need to share SSL certificates, then set the iss_parent option in the /etc/ rhn/rhn.
Chapter 6. Importing and Synchronizing 3. Import content from RHN Hosted (assuming the system is registered and activated. If the source org is not specified, the base Red Hat channel is chosen).
Chapter 7. Troubleshooting This chapter provides tips for determining the cause of and resolving the most common errors associated with RHN Satellite. If you need additional help, contact Red Hat Network support at https:// rhn.redhat.com/help/contact.pxt. Log in using your Satellite-entitled account to see your full list of options. In addition, you may package configuration information and logs from the Satellite and send them to Red Hat for further diagnosis. Refer to Section 7.
Chapter 7. Troubleshooting Report Invoked as Description Entitlements entitlements Lists all organizations on the Satellite with their system or channel entitlements. Errata details errata-list All Errata errata-list- Complete list of all errata. all Errata for systems erratasystems Lists applicable errata and any registered systems that are affected. Users in the system users Lists all users registered to the Satellite.
General Problems Component/Task Log File Location RHN Satellite Synchronization Tool /var/log/rhn/rhn_server_satellite.log Monitoring infrastructure /var/log/nocpulse/ directory Monitoring notifications /var/log/notification/ directory RHN DB Control - Embedded Database /var/log/rhn/rhn_database.log RHN Task Engine (taskomatic) /var/log/messages yum /var/log/yum.log XML-RPC transactions /var/log/rhn/rhn_server_xmlrpc.log 7.3.
Chapter 7. Troubleshooting service oracle status To determine the version of your database schema, run the command: rhn-schema-version To derive the character set types of your Satellite's database, run the command: rhn-charsets If the administrator is not getting email from the RHN Satellite, confirm the correct email addresses have been set for traceback_mail in /etc/rhn/rhn.conf. If the traceback mail is marked from dev-null@rhn.redhat.
Connection Errors 127.0.0.1 this_machine.example.com this_machine localhost.localdomain \ localhost First, in a text editor, remove the offending machine information, like so: 127.0.0.1 localhost.localdomain.com localhost Then, save the file and attempt to re-run the RHN client applications or the Apache Web server. If they still fail, explicitly identify the IP address of the Satellite in the file, such as: 127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.
Chapter 7. Troubleshooting • Ensure the RHN Satellite is using Network Time Protocol (NTP) and set to the appropriate time zone. This also applies to all client systems and the separate database machine in RHN Satellite with Stand-Alone Database. • Confirm the correct package: 7 rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm is installed on the RHN Satellite and the corresponding rhn-org-trusted-ssl-cert*.noarch.rpm or raw CA SSL public (client) certificate is installed on all client systems.
Satellite Debugging by Red Hat [root@miab root]# satellite-debug Collecting and packaging relevant diagnostic information. Warning: this may take some time... * copying configuration information * copying logs * querying RPM database (versioning of RHN Satellite, etc.) * querying schema version and database character sets * get diskspace available * timestamping * creating tarball (may take some time): /tmp/satellite-debug.tar.
62
Chapter 8. Maintenance Because of the RHN Satellite's unique environment, its users are provided with abilities not available to any other Red Hat Network customers. In addition, the Satellite itself also requires maintenance. This chapter discusses the procedures that should be followed to carry out administrative functions outside of standard use, as well as to apply patches to the RHN Satellite. 8.1.
Chapter 8. Maintenance Warning It is very important to read the Errata Advisory before applying any RHN Satellite Errata Updates. Additional configuration steps may be required to apply certain RHN Satellite updates, especially if they involve the database. In such cases, the advisory will contain specific and detailed information about necessary steps that may be required.
Using RHN DB Control Backing up only these files and directories would require reinstalling the RHN Satellite ISO RPMs and reregistering the Satellite. In addition, Red Hat packages would need to be resynchronized using the satellite-sync tool. Finally, you would have to reinstall the /root/ssl-build/\ rhn-orghttpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm. Another method would be to back up all of the files and directories mentioned above but reinstall the RHN Satellite without reregistering it.
Chapter 8. Maintenance Option Description extend Increase the RHN Oracle tablespace gather-stats PCT Gather statistics on RHN Oracle database objects. PCT is the percentage of rows to estimate (the default is 15%). report Reports on current usage of database space. report-stats Reports on segments with stale or empty statistics. restore DIRNAME Restores the database from backup kept in DIRNAME. Database must be stopped for this command to run successfully. start Starts the database instance.
Backing up the Database 8.4.2. Backing up the Database Red Hat recommends performing nightly backups of the Embedded Database and moving the resulting directory to another system via NFS, SCP, FTP, etc. Preferably, this backup system resides off-site.
Chapter 8. Maintenance Then switch to the oracle user and issue this command, including the directory containing the backup, to begin the restoration: db-control restore DIRNAME This not only restores the Embedded Database but first verifies the contents of the backup directory using checksums. Once the restoration is complete, return to root user mode and restart the database and related services with these commands in this order: /usr/sbin/rhn-satellite start 8.5.
Changing the Satellite Hostname If your original SSL certificate does not take your high-availability solution into account, you may create a new one with a more appropriate Common Name value now. In this case, you may also generate a new bootstrap script that captures this new value. 3. After installation, copy the following files from the primary Satellite to the secondary Satellite: • /etc/rhn/rhn.conf • /etc/tnsnames.ora • /var/www/rhns/server/secret/rhnSecret.py 4.
Chapter 8. Maintenance openssl rsa -in path/RHN-ORG-PRIVATE-SSL-KEY Then enter passphrase when prompted. satellite-hostname-rename requires one mandatory argument, which is the IP address of the Satellite server, regardless of whether the IP address will change along with the hostname or not.
Deleting Users Figure 8.1. Internal Tools To refresh the view of channels that have been updated but do not yet reflect those modifications on the Satellite website, click the Update Errata cache now link on this page. 8.8.1.1. Maintaining the RHN Task Engine The default display shows the status of the RHN Task Engine. This tool is a daemon that runs on the Satellite server itself and performs routine operations, such as database cleanup, Errata mailings, etc., that must be performed in the background.
Chapter 8. Maintenance the RHN website. In the resulting User List, click the name of the user to be removed. This takes you to the User Details page. Click the delete user link at the top-right corner of the page. Figure 8.2. User Deletion A confirmation page appears explaining that this removal is permanent. To continue, click Delete User at the bottom-right corner of the page.
Configuring Satellite Search Figure 8.3. User Delete Confirmation Many other options exist for managing users. You can find instructions for them in the RHN website chapter of the RHN Reference Guide. 8.8.3. Configuring Satellite Search Satellite Administrators may want to configure certain search options to customize search results for their own optimization requirements. RHN Satellite search results can be customized via the /etc/rhn/search.rhn-search.conf file.
Chapter 8. Maintenance • search.errata.advisory_score_threshold : minimum score an errata advisory result needs to be returned back as a query result (.30) • search.min_ngram : minimum length of n-gram characters. Note that any change to this value requires clean-index to be run, and doc-indexes need to be modified and rebuilt) (1) • search.max_ngram : maximum length of n-gram characters.
Enabling Push to Clients Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords. RHN Satellite supports LDAP, Kerberos, and other network-based authentication systems via PAM. To enable the Satellite to use PAM and your organization's authentication infrastructure, follow the steps below.
Chapter 8. Maintenance Important SSL must be employed between the Satellite and its clients systems for this feature to work. If the SSL certificates are not available, the daemon on the client system fails to connect. To take advantage of this feature, you must first configure your firewall rules to allow connections on the required port(s), as described in Section 2.4, “Additional Requirements”.
Appendix A. Sample RHN Satellite Configuration File The /etc/rhn/rhn.conf configuration file for the RHN Satellite provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution. You should be particularly concerned with the following parameters: traceback_mail, default_db, and server.satellite.http_proxy.
78
Appendix B.
80
Index Symbols /etc/nsswitch.conf , 58 /etc/rhn/rhn.
Index osa-dispatcher , 76 osad , 76 P PAM authentication implementation, 74 port 443, 14 port 4545, 14 port 5222, 14 port 5269, 14 port 80, 14 R Red Hat Network introduction, 1 Red Hat Update Agent definition, 2 redundant satellite, 68 requirements, 9 additional, 14 database, 12 DNS, 15 entitlement certificate, 15 firewall rules, 14 FQDN, 15 hardware, 10 jabberd, 15 ntp, 15 software, 9 TCP Ports, 14 RHN components, 3 RHN DB Control backup, 67 options, 65 restore, 67 verify, 67 RHN Entitlement Certificate
