LandmannRed Hat Network Satellite 5.4Client Configuration GuideRed Hat Network SatelliteEdition 2
https://your_proxy_or_sat.your_domain.com/XMLRPC. Retain the /XMLRPC at the end. Whenfinished, click OK.Figure 2.1. Red Hat Updat e Agent GUI Configu
serverURL[comment]=Remote server URLserverURL=https://your_primary.your_domain.com/XMLRPCnoSSLServerURL[comm ent]=Remote server URL without SSLnoSSLSe
The Package Updater Applet stays in the notification tray of the desktop panel and checks for newupdates periodically. T he applet also allows you to
Chapter 3. SSL InfrastructureFor Red Hat Network customers, security concerns are of the utmost importance. One of the strengthsof Red Hat Network is
ImportantThe most critical portion of this system is the CA SSL key pair. From that private key and publiccertificate an administrator can regenerate
The installation procedures of both the RHN Satellite Server and the RHN Proxy Server ensure the CASSL public certificate is deployed to the /pub dire
generation.This set of options must be preceded by the --gen-ca argument:Chapter 3. SSL Infrastructure 13
Table 3.1. SSL Certificate Authority (CA) Options (rhn-ssl-tool --gen-ca --help)Option Description--gen-ca Generate a Certificate Authority (CA) keypa
--key-only Rarely used - Generate only a CA privatekey. Review --gen-ca --key-only --help for more information.--cert-only Rarely used - Generate only
Table 3.2. SSL Web Server Opt ions (rhn-ssl-tool --gen-server --help)Option Description--gen-server Generate the Web server's SSL key set,RPM and
Red Hat Network Satellite 5.4 Client Configuration GuideRed Hat Network SatelliteEdition [email protected] m
-v, --verbose Display verbose messaging. Accumulative -added "v"s result in increasing detail.--key-only Rarely used - Generate only a serve
/usr/share/rhn/RHN-ORG-TRUST ED-SSL-CERTrhn-ca-openssl.cnf — the SSL CA configuration filelatest.txt — always lists the latest versions of the relevan
This public directory can be inspected easily by simply browsing to it via any web browser: http://proxy-or-sat.example.com/pub/.The CA SSL public cer
Chapter 4. Importing Custom GPG KeysFor customers who plan to build and distribute their own RPMs securely, it is strongly recommended thatall custom
Chapter 5. Using RHN BootstrapRed Hat Network provides a tool that automates much of the manual reconfiguration described inprevious chapters: RHN Boo
package (RPM) containing that certificate available on that RHN Server and include it during scriptgeneration with the --ssl-cert option. Refer to Cha
system. Log into each client machine and issue the following command, altering script and hostnameaccordingly:wget -qO - \https://your-satellite.examp
Table 5.1. RHN Bootstrap Opt ionsOption Description-h, --help Display the help screen with a list ofoptions specific to generating thebootstrap script
--no-up2date Not recommended - Boolean; includingthis option ensures up2date will notrun once the system has beenbootstrapped.--pub-tree=PUB_TREE Chan
Chapter 6. Manually Scripting the ConfigurationNote that this chapter provides an alternative to using RHN Bootstrap to generate the bootstrap script.
Legal NoticeCopyright © 2010 Red Hat, Inc.This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 UnportedLicense.
Like its components, this script may be centrally located. By placing this script in the /pub/ directory ofthe server, running wget -O- on it, and pip
Chapter 7. Implementing KickstartObviously, the best time to make configuration changes to a system is when that system is first beingbuilt. For custo
# Generic 7.2 kickstart for laptops in the Widget Corporation (widgetco)# Standard kickstart options for a network-based install. For an# explanation
# --activationkey flag, which describes an activation key. For example,# this activation key could be set up in the Web interface to join this # syste
Sample Bootstrap ScriptThe /var/www/html/pub/bootstrap/bootstrap.sh script generated by the RHN Satellite Serverinstallation program provides the abil
#!/bin/bashecho "RHN Server Client bootstrap script v3.6"# This file was autogenerated. Minor m anual editing of this script (and# possibly
echo " - ACTIVATION_KEYS needs to reflect the activation key(s) value(s)"echo " from the website. XKEY or XKEY,YKEY"echo "
if [ -x /usr/bin/curl ] ; then output=`/usr/bin/curl -k 2>&1` error=`echo $output | grep "is unknown"` if [ -z "$erro
echoecho "* attempting to install corporate public CA cert"if [ $USING_SSL -eq 1 ] ; then if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then rpm
Red Hat Network Satellite 5.4 Client Configuration Guide36
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Revision HistoryRevision 2-2.33.4 00 2013-10-30 Rüdiger LandmannRebuild with publican 4.0.0Revision 2-2.33 2012-07-18 Anthony T ownsRebuild for Public
client configuration- Red Hat Update Agent , The up2date --configure Optionconfiguration- manual, Updating the Configuration Files Manually- scripting
- generating the server certificate, Generating Web Server SSL Key Sets- generation explained, SSL Generation Explained- options, RHN SSL Maintenance
Red Hat Network Satellite 5.4 Client Configuration Guide2
Chapter 1. IntroductionThis best practices guide is intended to help customers of RHN Satellite Server and RHN Proxy Serverconfigure their client syst
Chapter 2. Client ApplicationsIn order to utilize most enterprise-class features of Red Hat Network, such as registering with a RHNSatellite, configur
2.2. Configuring the Client ApplicationsNot every customer must connect securely to a RHN Satellite Server or RHN Proxy Server within theirorganizatio
RHN Proxy Server or RHN Satellite Server. Activation keys can be used to register, entitle, and subscribesystems in a batch. Refer to the section &quo
Komentarze do niniejszej Instrukcji