Red Hat NETWORK 3.6 - Dokumentacja

LandmannRed Hat Network Satellite 5.4Client Configuration GuideRed Hat Network SatelliteEdition 2

https://your_proxy_or_sat.your_domain.com/XMLRPC. Retain the /XMLRPC at the end. Whenfinished, click OK.Figure 2.1. Red Hat Updat e Agent GUI Configu

serverURL[comment]=Remote server URLserverURL=https://your_primary.your_domain.com/XMLRPCnoSSLServerURL[comm ent]=Remote server URL without SSLnoSSLSe

The Package Updater Applet stays in the notification tray of the desktop panel and checks for newupdates periodically. T he applet also allows you to

Chapter 3. SSL InfrastructureFor Red Hat Network customers, security concerns are of the utmost importance. One of the strengthsof Red Hat Network is

ImportantThe most critical portion of this system is the CA SSL key pair. From that private key and publiccertificate an administrator can regenerate

The installation procedures of both the RHN Satellite Server and the RHN Proxy Server ensure the CASSL public certificate is deployed to the /pub dire

generation.This set of options must be preceded by the --gen-ca argument:Chapter 3. SSL Infrastructure 13

Table 3.1. SSL Certificate Authority (CA) Options (rhn-ssl-tool --gen-ca --help)Option Description--gen-ca Generate a Certificate Authority (CA) keypa

--key-only Rarely used - Generate only a CA privatekey. Review --gen-ca --key-only --help for more information.--cert-only Rarely used - Generate only

Table 3.2. SSL Web Server Opt ions (rhn-ssl-tool --gen-server --help)Option Description--gen-server Generate the Web server's SSL key set,RPM and

Red Hat Network Satellite 5.4 Client Configuration GuideRed Hat Network SatelliteEdition [email protected] m

-v, --verbose Display verbose messaging. Accumulative -added "v"s result in increasing detail.--key-only Rarely used - Generate only a serve

/usr/share/rhn/RHN-ORG-TRUST ED-SSL-CERTrhn-ca-openssl.cnf — the SSL CA configuration filelatest.txt — always lists the latest versions of the relevan

This public directory can be inspected easily by simply browsing to it via any web browser: http://proxy-or-sat.example.com/pub/.The CA SSL public cer

Chapter 4. Importing Custom GPG KeysFor customers who plan to build and distribute their own RPMs securely, it is strongly recommended thatall custom

Chapter 5. Using RHN BootstrapRed Hat Network provides a tool that automates much of the manual reconfiguration described inprevious chapters: RHN Boo

package (RPM) containing that certificate available on that RHN Server and include it during scriptgeneration with the --ssl-cert option. Refer to Cha

system. Log into each client machine and issue the following command, altering script and hostnameaccordingly:wget -qO - \https://your-satellite.examp

Table 5.1. RHN Bootstrap Opt ionsOption Description-h, --help Display the help screen with a list ofoptions specific to generating thebootstrap script

--no-up2date Not recommended - Boolean; includingthis option ensures up2date will notrun once the system has beenbootstrapped.--pub-tree=PUB_TREE Chan

Chapter 6. Manually Scripting the ConfigurationNote that this chapter provides an alternative to using RHN Bootstrap to generate the bootstrap script.

Legal NoticeCopyright © 2010 Red Hat, Inc.This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 UnportedLicense.

Like its components, this script may be centrally located. By placing this script in the /pub/ directory ofthe server, running wget -O- on it, and pip

Chapter 7. Implementing KickstartObviously, the best time to make configuration changes to a system is when that system is first beingbuilt. For custo

# Generic 7.2 kickstart for laptops in the Widget Corporation (widgetco)# Standard kickstart options for a network-based install. For an# explanation

# --activationkey flag, which describes an activation key. For example,# this activation key could be set up in the Web interface to join this # syste

Sample Bootstrap ScriptThe /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Serverinstallation program provides the abil

#!/bin/bashecho "RHN Server Client bootstrap script v3.6"# This file was autogenerated. Minor m anual editing of this script (and# possibly

echo " - ACTIVATION_KEYS needs to reflect the activation key(s) value(s)"echo " from the website. XKEY or XKEY,YKEY"echo "

if [ -x /usr/bin/curl ] ; then output=`/usr/bin/curl -k 2>&1` error=`echo $output | grep "is unknown"` if [ -z "$erro

echoecho "* attempting to install corporate public CA cert"if [ $USING_SSL -eq 1 ] ; then if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then rpm

Red Hat Network Satellite 5.4 Client Configuration Guide36

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Revision HistoryRevision 2-2.33.4 00 2013-10-30 Rüdiger LandmannRebuild with publican 4.0.0Revision 2-2.33 2012-07-18 Anthony T ownsRebuild for Public

client configuration- Red Hat Update Agent , The up2date --configure Optionconfiguration- manual, Updating the Configuration Files Manually- scripting

- generating the server certificate, Generating Web Server SSL Key Sets- generation explained, SSL Generation Explained- options, RHN SSL Maintenance

Red Hat Network Satellite 5.4 Client Configuration Guide2

Chapter 1. IntroductionThis best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Serverconfigure their client syst

Chapter 2. Client ApplicationsIn order to utilize most enterprise-class features of Red Hat Network, such as registering with a RHNSatellite, configur

2.2. Configuring the Client ApplicationsNot every customer must connect securely to a RHN Satellite Server or RHN Proxy Server within theirorganizatio

RHN Proxy Server or RHN Satellite Server. Activation keys can be used to register, entitle, and subscribesystems in a batch. Refer to the section &quo