Installation Guide
Configuring, registering, and updating Red Hat Satellite Server
Edition 1
Abstract
Preface
1. About This Guide
2. Audience
Chapter 1. Introduction
1.1. About Red Hat Satellite
- Maintain complete control and privacy over package management and server maintenance within their own networks;
- Store System Profiles on a Satellite server, which connects to the Red Hat Network website via a local web server; and,
- Perform package management tasks, including errata updates, through the local area network.
- Embedded Database - One with an embedded database installed on the same machine as the Red Hat Satellite.
- Managed Database - One with a database on a separate machine managed with Red Hat Satellite tools.
- External Database - One with a customer-provided database on a separate machine.
1.2. System Overview
- Database
- Red Hat Satellite uses the following database types:
- Embedded Database - The database comes bundled with Red Hat Satellite and is installed on the same machine as the Satellite during the installation process. The included database is PostgreSQL.
- Managed Database - The database comes bundled with Red Hat Satellite and is installed on a separate machine during the installation process. The included database is PostgreSQL.
- External Database - An organization's existing database or, preferably, a database contained on a separate machine. Red Hat Satellite supports PostgreSQL, Oracle Database 11g (Standard or Enterprise Edition), or Oracle Database 10g Release 2 (Standard or Enterprise Edition) for this database installation type.
- Red Hat Satellite Core
- The core system and entry point for Red Hat Update Agent running on client systems. Red Hat Satellite also includes an Apache HTTP Server, which serves XML-RPC requests.
- Red Hat Satellite Web Interface
- A user interface for advanced system, system group, user, and channel management. The organization configures access to the Red Hat Satellite web interface from the local area network and, optionally, the Internet too. Red Hat Satellite provides an interface similar to the Red Hat Network website and allows full control over client systems, system groups, and users.
- RPM Repository
- Package repository for Red Hat RPM packages and custom RPM packages identified by the organization.
- Management Tools
- The Red Hat Satellite Management Tools synchronize the database and package repository with Red Hat Network. Red Hat Satellite also includes management tools for:
- Database and file system synchronization
- Custom RPM and repository imports
- Channel maintenance (Web-based)
- Errata management (Web-based)
- User management (Web-based)
- Client system and system grouping (Web-based)
- Red Hat Update Agent
- Configure Red Hat Update Agent on client systems to retrieve updates from the organization's internal Red Hat Satellite instead of the central Red Hat Network Servers. After a one-time configuration, client systems retrieve updates locally using the Red Hat Update Agent. System administrators also schedule actions through the Red Hat Satellite Web Interface.When a client requests updates, the organization's internal Red Hat Satellite queries its database, authenticates the client system, identifies the updated packages available for the client system, and sends the requested RPMs back to the client system. The client also installs packages if set in preferences. If the packages are installed, the client system sends an updated package profile to the database on the Red Hat Satellite. Red Hat Satellite then removes these packages from the list of outdated packages for the client.
Important
Red Hat strongly recommends that clients connected to Red Hat Satellite be running the latest update of Red Hat Enterprise Linux to ensure proper connectivity. - Red Hat Satellite Proxy Server
- Red Hat Satellite can be used in conjunction with the Red Hat Satellite Proxy Server to deliver a distributed, self-contained Red Hat Network environment for the organization. For example, an organization can maintain one Red Hat Satellite in a secure location and Red Hat systems connect to it via local network access. Other remote offices maintain Satellite Proxy Server installations that connect to the Red Hat Satellite. The different locations inside the organization require a networked connection, but this can be a private network; an Internet connection is not required for any of the systems. See the Red Hat Satellite Proxy Installation Guide for more information.
Figure 1.1. Using Red Hat Satellite and Red Hat Satellite Proxy Server Together
- Enhanced Entitlements Reporting
- Red Hat Satellite 5 uses channels and system entitlement consumption to manage Red Hat content. Newer entitlement tools that integrate with the Red Hat Customer Portal, such as Red Hat Subscription Asset Manager, use certificate-based entitlements. The rules for these two types of entitlement methods differ.Red Hat Satellite 5.6 and later provides an Enhanced Entitlements Reporting technology that integrates with certificate-based entitlement tools. This provides an overview of entitlement consumption from Satellite 5's system management while using newer certificate-based entitlement rules. This allows administrators to:
- Track entitlement consumption at a detailed level.
- Measure consumption based on socket count, host/guest relationships and channel usage
- Capture historical consumption data to enable system administrators to view which entitlements were consumed at a particular time as well as the status of entitlements at specific points in time.
Important
The Enhanced Entitlements Reporting functionality only provides reports on content consumption. It does not manage content consumption.Important
Enhanced Entitlements Reporting is only available for Red Hat Satellite 5.6 and later.
1.3. Terms to Understand
- Channel
- A Channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
- Organization Administrator
- An Organization Administrator is a user role with the highest level of control over an organization's Red Hat Network account. Members of this role can add other users, systems, and system groups to the organization as well as remove them. A Red Hat Network organization must have at least one Organization Administrator.
- Channel Administrator
- A Channel Administrator is a user role with full access to channel management capabilities. Users with this role are capable of creating channels, assigning packages to channels, cloning channels, and deleting channels. This role can be assigned by an Organization Administrator through the Users tab of the Red Hat Network website.
- Certificate Authority
- A Certificate Authority distributes digital signatures to users as part of public key infrastructure for encrypted authentication and communication.
- Red Hat Update Agent
- The Red Hat Update Agent is the client application that allows users to retrieve and install new or updated packages for its host.
- Traceback
- A Traceback is a detailed error message for troubleshooting the Red Hat Satellite. Red Hat Satellite generates Tracebacks automatically when a critical error occurs and mails the individual(s) designated in the Red Hat Satellite configuration file.
1.4. Summary of Steps
Obtaining Red Hat Satellite
- After an evaluation, contact your Red Hat sales representative to purchase Red Hat Satellite.
- Receive a Red Hat Network Entitlement Certificate and login information for Red Hat Network from your sales representative.
- Log into the Red Hat Customer Portal website (access.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux and Red Hat Satellite. These can be found on the Download Software page under → → .
- While still logged into the Customer Portal, download the Channel Content ISOs to be served by your Red hat Satellite. These are also available through the Download Software page under → → . These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Red Hat Satellite.
Preparing Red Hat Satellite
- Check your software requirements. See Section 2.1, “Software Requirements”.
- If installing Red Hat Satellite with an Embedded Database:
- Check that your hardware fits the requirements in Section 2.2, “Red Hat Satellite Server Requirements”.
- If installing Red Hat Satellite with a Managed Database:
- Check that your hardware fits the requirements in Section 2.2, “Red Hat Satellite Server Requirements”.
- Prepare your database instance using the formula provided in Section 2.3.1, “Database Sizing Requirements”.
- Setup the Managed Database before the Red Hat Satellite installation using the instructions in Section 2.3.2, “Managed Database Requirements”.
- If installing Red Hat Satellite with an External Database:
- Check that your hardware fits the requirements in Section 2.2, “Red Hat Satellite Server Requirements”.
- Prepare your database instance using the formula provided in Section 2.3.1, “Database Sizing Requirements”.
- See Section 2.3.3, “External Database Requirements” for other External Database considerations.
Installing Red Hat Satellite
- Install Red Hat Enterprise Linux on the host.
- Check any pre-installation steps before installing Red Hat Satellite.
- Mount the Red Hat Satellite installation media to the host and run the Red Hat Satellite Installation Script.
- Follow the prompts as outlined in the installation instructions.
- Open Red Hat Satellite's web interface in a web browser and create the first user account. This is the Administrator account (also referred to as the Organization Administrator).
- Finalize Red Hat Satellite with any post-installation steps.
Initial Use
- Use the Red Hat Satellite Synchronization Tool to import the channels and associated packages into the Red Hat Satellite.
- Register a representative machine for each distribution type or channel (such as Red Hat Enterprise Linux 5 or 6) to the Red Hat Satellite.
- Copy (using
scp
)rhn_register
configuration files from the/etc/sysconfig/rhn/
directory of each machine individually to the/pub/
directory on the Red Hat Satellite. Therhn-org-trusted-ssl-cert-*.noarch.rpm
will already be there. - Download and install from the Red Hat Satellite the configuration files and
rhn-org-trusted-ssl-cert-*.noarch.rpm
on the remaining client systems of the same distribution type. Repeat this and the previous step until all distribution types are complete. - Through the Red Hat Satellite's web interface, create an Activation Key for each distribution aligned to the appropriate base channel. At this point, system groups and child channels may also be predefined.
- Run the Activation Key from the command line (
rhnreg_ks
) of each client system. Note that this step can be scripted to batch register and reconfigure all remaining client systems in a distribution. - Record all relevant usernames, passwords and other login information and store in multiple secure places.
- Now that the Red Hat Satellite is populated with standard Red Hat channels and packages and all clients are connected to it, begin creating and serving custom channels and packages. Import these custom RPMs into the Red Hat Satellite using Red Hat Network Push and add custom channels in which to store them through the Red Hat Satellite web interface. See the Red Hat Satellite Channel Management Guide for details.
Chapter 2. Requirements
2.1. Software Requirements
- Base operating system
- Red Hat Satellite 5.6 is supported on Red Hat Enterprise Linux 5 or 6. Install the operating system from disc, local ISO image, kickstart, or any other methods that Red Hat supports. Red Hat Enterprise Linux installations require the
@Base
package group with no other package-set modifications, and without third-party configurations or software that is not directly necessary for the direct operation of the server. This restriction includes hardening or other non-Red Hat security software. If such software is required in your infrastructure, first install and verify a complete working Red Hat Satellite first, then create a backup of the system before adding any non-Red Hat software.Before installing a new Red Hat Satellite, make sure to install the latest supported update to Red Hat Enterprise Linux.Red Hat Satellite 5.6 also supports installation on Red Hat Enterprise Linux in any virtualized environment supported by Red Hat, including Xen, KVM, and VMware. Functional support for virtualized environments does not always equal the same performance of running on physical hardware. Make sure to consider your virtual environment's performance and implement any recommended tuning guidelines.When installing Red Hat Enterprise Linux 5 or 6 from CD or ISO image, there is no need to select any package groups; Red Hat Satellite only requires the base operating system installation. When installing the operating system via kickstart, select the@Base
package group.Important
Each purchased Satellite product includes one supported instance of Red Hat Enterprise Linux Server. Install Satellite on a fresh installation of Enterprise Linux where Satellite is the only application and service provided by the OS. Using the Red Hat Enterprise Linux OS included with Satellite to run other daemons, applications, or services within your environment is not supported. - Red Hat Satellite installation media
- Red Hat provides the installation media as a disc or ISO. It contains the Red Hat Satellite Installation Script and all packages required in order to support Red Hat Satellite are installed automatically.
Important
Additional packages beyond@Base
are required to install Red Hat Satellite. The Red Hat Satellite installer will prompt you to either install the listed packages or ask if you want it to download the files. If your system is not registered to Red Hat Network, use the Red Hat Enterprise Linux installation media available during the Red Hat Satellite installation process to install these additional packages as needed.The files necessary for Red Hat Satellite installation are listed in therhelrpms
file located in theupdates
directory on the installation ISO image.Ensure to subscribe the Red Hat Satellite host system to the Red Hat Enterprise Linux Optional channel to resolve package dependencies during installation. - Channel content
- All software packages and data exported for all entitled Red Hat channels. This content is loaded directly on the Red Hat Satellite after installation using the Red Hat Satellite Synchronization Tool.
2.2. Red Hat Satellite Server Requirements
- Red Hat Satellite with Embedded Database - 1 machine
- Red Hat Satellite with Embedded Database and Enhanced Reporting - 2 machines
- Red Hat Satellite with Managed/External Database - 2 machines
- Red Hat Satellite with Managed/External Database and Enhanced Reporting - 3 machines
2.2.1. x86_64 Hardware Requirements
CPU
- Required: Intel dual-core processor, 2.4GHz, 512K cache or equivalent
- Recommended: Intel quad-core processor, 2.4GHz dual processor, 512K cache or equivalent
Memory
- Required: 4 GB of memory
- Recommended: 8 GB of memory
Storage
- 5 GB storage for base installation
- A minimum of 40 GB storage per software channel (including
Base
and child channels), in/var/satellite/
, configurable at install - A minimum of 10 GB storage for cache files stored within
/var/cache/rhn
. See Section 2.4.4, “Caching” for more information. - Strongly Recommended: A SCSI drive connected to a level 5 RAID
Database
- See Section 2.3.1, “Database Sizing Requirements” for standard database requirements.
- Embedded Database: A minimum of 12 GB storage for the database repository in the
/var/lib/pgsql/
partition. - Managed Database: See Section 2.3.2, “Managed Database Requirements”.
- External Database: See Section 2.3.3, “External Database Requirements”.
Important
/var/lib/pgsql/
instead of /rhnsat/
. Take in consideration this change of disk location for Embedded Database files for previous Satellite deployments. Ensure to allocate sufficient disk space for the /var/lib/pgsql/
directory.
Backup
- A separate partition (or better, a separate set of physical disks) for storing backups, which can be any directory specifiable at backup time
- An external SAN for more reliable backups
2.2.2. s/390x Hardware Requirements
CPU
- Required: 1 IFL, either in LPAR configuration or shared through z/VM
- Recommended: 2 or more IFLs on z9 or earlier, 1 or more IFL on z10
Memory
- Required: 4 GB of memory
- Recommended: 8 GB of memory
Storage
- Required:
- 1 GB swap on ECKD DASD
- 1xMod3 ECKD DASD or ≥ 2 GB FCP SCSI LUN for base installation
- A minimum of 40 GB storage per software channel (including
Base
and child channels), in/var/satellite/
, configurable at install - A minimum of 10 GB storage for cache files stored within
/var/cache/rhn
. See Section 2.4.4, “Caching” for more information.
- Recommended:
- 512 MB swap on VDISK + 1 GB swap on ECKD DASD
- 1xMod9 ECKD DASD or ≥ 2 GB multipathed FCP SCSI LUN for base installation
- A minimum of 40 GB storage per software channel (including
Base
and child channels), in/var/satellite/
, configurable at install - A minimum of 10 GB storage for cache files stored within
/var/cache/rhn
. See Section 2.4.4, “Caching” for more information.
Database
- See Section 2.3.1, “Database Sizing Requirements” for standard database requirements.
- Embedded Database: A minimum of 12 GB storage for the database repository in the
/var/lib/pgsql/
partition. - Managed Database: See Section 2.3.2, “Managed Database Requirements”.
- External Database: See Section 2.3.3, “External Database Requirements”.
Important
/var/lib/pgsql/
instead of /rhnsat/
. Take in consideration this change of disk location for Embedded Database files for previous Satellite deployments. Ensure to allocate sufficient disk space for the /var/lib/pgsql/
directory.
Other
- z/VM 5.3 or later for kickstart and provisioning of guests.
- VSWITCH or Hipersocket LAN for high speed connections to guests
2.3. Database Requirements
2.3.1. Database Sizing Requirements
- 250 KiB per client system
- 500 KiB per channel, plus 230 KiB per package in the channel (so a channel with 5000 packages would require 1.1 Gib)
- The number of public Red Hat packages imported (typical: 5000)
- The number of private packages to be managed (typical: 500)
- The number of systems to be managed (typical: 1000)
- The number of packages installed on the average system (typical: 500)
/var/lib/pgsql/data
contains an amount of free space equal to the tablespace size. This free space is used for the db-control restore
command. For example, ensure 12 GB of free space exists for a 12 GB tablespace.
2.3.2. Managed Database Requirements
Note
Procedure 2.1. Installing the Managed Database
- Register to Red Hat Subscription Management. Run the following command to register your system, entering your Customer Portal user name and password when prompted:
# subscription-manager register
The command displays output similar to the following:Registering to: subscription.rhsm.redhat.com:443/subscription Username: user_name Password: password The system has been registered with ID: aa2e5c34-b8d0-4388-b912-6be761c632b1
- Identify and attach the Red Hat Enterprise Linux and Red Hat Satellite subscriptions.List all available subscriptions.
# subscription-manager list --all --available
Attach the subscriptions. If there are multiple subscriptions to be attached, repeat the--pool=pool_id
parameter.# subscription-manager attach --pool=pool_id
- Enable the Red Hat Enterprise Linux repository appropriate to your operating system version.For Red Hat Enterprise Linux 6
# subscription-manager repos --enable rhel-6-server-rpms
For Red Hat Enterprise Linux 5# subscription-manager repos --enable rhel-5-server-rpms
- Mount the Red Hat Satellite installation media.Mount as a CD:
# mkdir /media/cdrom # mount /dev/cdrom /media/cdrom
Mount as an ISO:# mkdir /media/cdrom # mount -o loop iso_filename /media/cdrom
- Change to the mounted directory.
# cd /media/cdrom
- Run the
install.pl
script with the--managed-db
and--disconnected
options.# ./install.pl --managed-db --disconnected
Note
The--disconnected
option is required to prevent the installer attempting to connect to Red Hat Network. - The
install.pl
script asks for the following information.- Database name
- Database user
- Database password
- A comma-separated list of local addresses to listen. Leave blank for all addresses.
- A comma-separated list of remote addresses of Satellite servers, in address/netmask format. The Managed Database allows connections from these addresses.
Database name: mydb Database user: mydbuser Database password: mydbpassword Local addresses to listen on (comma-separated, RETURN for all): 127.0.0.1 Remote addresses to allow connection from (address/netmask format, comma-separated): 192.168.1.10/32 Initializing database: [ OK ] Starting postgresql service: [ OK ]
The script installs the necessary packages for your Managed Database. This includes a set of management tools for database.The script also prepares the database for your Red Hat Satellite installation. - Enable the Managed DB repository according to the Red Hat Enterprise Linux version, and hardware platform.For Red Hat Enterprise Linux 6 and AMD64 and Intel 64
# subscription-manager repos --enable=rhel-6-server-satellite-manageddb-5.6-rpms
For Red Hat Enterprise Linux 6 and IBM System z# subscription-manager repos --enable=rhel-6-system-z-satellite-manageddb-5.6-rpms
For Red Hat Enterprise Linux 5 and AMD64 and Intel 64# subscription-manager repos --enable=rhel-5-server-satellite-manageddb-5.6-rpms
Red Hat Enterprise Linux 5 and IBM System z# subscription-manager repos --enable=rhel-5-system-z-satellite-manageddb-5.6-rpms
- When the script completes, install your Red Hat Satellite using the instructions from Chapter 4, Installation.
2.3.3. External Database Requirements
- PostgreSQL 8.4 or greater
- Oracle Database 11g Standard and Enterprise Edition
- Oracle Database 10g Release 2 Standard and Enterprise Edition
Important
- PostgreSQL Databases to Oracle Databases
- PostgreSQL Embedded Database to PostgreSQL External Database
- PostgreSQL External Database to PostgreSQL Embedded Database
2.3.3.1. PostgreSQL Database Requirements
postgresql-pltcl
package to your system. This package contains the PL/Tcl procedural language for PostgreSQL, which Satellite's audit logging features require. To install this package, log in to your External Database server and run the following command:
# yum install postgresql-pltcl
Note
postgresql84-pltcl
package.
/var/lib/pgsql/data/postgresql.conf
, set the following parameters:
#shared_buffers = 24MB maintenance_work_mem = 224MB checkpoint_completion_target = 0.7 effective_cache_size = 2560MB work_mem = 6MB wal_buffers = 4MB checkpoint_segments = 8 shared_buffers = 896MB max_connections = 600 listen_addresses = '*' bytea_output = 'escape'
Note
bytea_output
parameter sets the correct encoding for bytea datatypes. Without this parameter, Satellite's Taskomatic service fails.
# service postgresql92-postgresql restart
2.3.3.2. Oracle Database Requirements
- ALTER SESSION
- CREATE SEQUENCE
- CREATE SYNONYM
- CREATE TABLE
- CREATE VIEW
- CREATE PROCEDURE
- CREATE TRIGGER
- CREATE TYPE
- CREATE SESSION
- Security Identifier (SID)
- Listener Port
- Username
- UTF-8 character set
- Uniform Extent Size
- Auto Segment Space Management
Important
Important
2.4. Additional Requirements
2.4.1. Firewall
Port | Protocol | Direction | Reason |
---|---|---|---|
67 | TCP/UDP | Inbound | Open this port to configure the Red Hat Satellite as a DHCP server for systems requesting IP addresses. |
69 | TCP/UDP | Inbound | Open this port to configure Red Hat Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems. |
80 | TCP | Outbound | Red Hat Satellite uses this port to reach Red Hat Network. |
80 | TCP | Inbound | Web UI and client requests come in via http. |
443 | TCP | Inbound | Web UI and client requests come in via https. |
443 | TCP | Outbound | Red Hat Satellite uses this port to reach Red Hat Network (unless running in a disconnected mode for Satellite). |
4545 | TCP | Inbound and Outbound | Red Hat Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems. |
5222 | TCP | Inbound | This port pushes actions to client systems. |
5269 | TCP | Inbound and Outbound | This port pushes actions to Red Hat Proxy Server. |
5432 | TCP | Inbound and Outbound | This is a requirement for communication with a PostgreSQL database server if using an External Database or Managed Database. |
rhn.redhat.com
xmlrpc.rhn.redhat.com
satellite.rhn.redhat.com
content-xmlrpc.rhn.redhat.com
content-web.rhn.redhat.com
content-satellite.rhn.redhat.com
2.4.2. File Permissions
umask
is a Linux command that sets a file permissions mask for new files. This helps secure the file permissions for new files created on a system. However, users with a restrictive umask
value might experience problems with installation and operation of Red Hat Satellite.
umask
value is 022
.
2.4.3. SELinux Policy
targeted
policy in enforcing
or permissive
mode on Red Hat Enterprise Linux 5 and 6.
2.4.4. Caching
/var/satellite/
, Red Hat Satellite requires space to generate cache files. These cache files are constantly regenerated as they become needed, even if the cache files are deleted. These cache files are stored within /var/cache/rhn
, and the storage needs of this directory depend on the following factors:
- How many channels you synchronize or import from Red Hat or Channel dumps.
- How many custom packages and channels you have.
- Whether or not you are using Red Hat Satellite Synchronization.
/var/cache/rhn/
on a Red Hat Satellite server. For very large environments with numerous channels, packages, and using Inter Satellite Sync, usage can grow to as much as 100 GB of space for cache files in /var/cache/rhn
.
2.4.5. DMZ Proxy Solution
rhn.redhat.com
, xmlrpc.rhn.redhat.com
, and satellite.rhn.redhat.com
). To ensure correct functioning of the system, do not restrict access to these hosts and ports. If required, use an http or https proxy by issuing the satellite-sync --http-proxy
command.
rhnmd
running on client systems if Monitoring is enabled and probes are configured for registered systems.
jabberd
service on Red Hat Satellite and Red Hat Proxy Server, respectively. In addition, it needs to allow inbound connections on port 5222 from client systems directly registered to Red Hat Satellite. This is used for one-way (client to server) communications between the osad
service on client systems and the jabberd
service on the Red Hat Satellite.
2.4.6. Synchronized System Times
2.4.7. Setting System Language and Locale
/etc/sysconfig/i18n
file. The LANG
setting in the file must be in the following format:
LANG="[language_TERRITORY].UTF-8"
language
and TERRITORY
are entered as two-letter codes. For example if your language is English and your locale is the United States, you set your LANG
setting to en_US.UTF-8
.
2.4.8. Fully Qualified Domain Name
# hostname -all-fqdns
Important
jabberd
to fail.
2.4.9. Functioning Domain Name Service (DNS)
2.4.10. Red Hat Network Account
Warning
- Red Hat Enterprise Linux - Optional Packages
- Red Hat Enterprise Linux - Supplementary Packages
- Red Hat Developer Suite
- Red Hat Application Server
- Red Hat Extras
- JBoss product channels
2.4.11. Backups of Login Information
access.redhat.com
, the primary administrator account on the Red Hat Satellite itself, SSL certificate generation, and database connection (which also requires an SID, or net service name). Red Hat strongly recommends you copy this information to removable storage media, print out on paper, and store in a fireproof safe.
2.4.12. Channel Content ISOs
2.4.13. Service Access
chkconfig
.
- jabberd
- postgresql (for Embedded Database Installation)
- tomcat6 (for installation on Red Hat Enterprise Linux 6)
- httpd
- osa-dispatcher
- Monitoring
- MonitoringScout
- rhn-search
- cobblerd
- taskomatic
2.4.14. Perl Interpreter
perl --version
. If the output includes the text command not found
, install a Perl interpreter.
# yum install perl
Chapter 3. Entitlement Certificate
Important
Procedure 3.1. Creating a New Entitlement Certificate
- Navigate to access.redhat.com in your web browser.
- Log in using your Red Hat customer account details.
- Navigate to.
- Scroll to the Manage section and click Satellite in the list of Subscription Management Applications.
- Click.
- Type a Name for your Satellite.
- Select your Satellite version.
Important
Choose the correct version at this step. Each version of Satellite uses a slightly different format for the certificate. - Click Register.
- Click Attach a subscription.Select the checkbox for the desired subscription. Enter the quantity
1
in the Quantity input box. Click Attach Selected to add these subscriptions to the entitlement certificate. - Click Download Satellite Certificate and save the file containing the entitlement certificate.
Chapter 4. Installation
4.1. Prerequisites
4.1.1. Base Operating System
- Allocate plenty of space to the partitions storing data. The default location for channel packages is
/var/satellite/
. For Red Hat Satellite with Embedded Database, remember the database itself is within the/var/lib/pgsql/
directory. - Enable Network Time Protocol (NTP) on Red Hat Satellite and, if it exists, the database server then select the appropriate time zone. Make sure all client have the
ntpd
daemon running and set it to the correct time zone. - It is strongly advised that the
/home/
partition is locally mounted. - Register to Red Hat Subscription Management. Once installation of the base operating system is complete, run the following command to register your system, entering your Customer Portal user name and password when prompted:
# subscription-manager register
The command displays output similar to the following:Registering to: subscription.rhsm.redhat.com:443/subscription Username: user_name Password: password The system has been registered with ID: aa2e5c34-b8d0-4388-b912-6be761c632b1
- Identify and attach the Red Hat Enterprise Linux and Red Hat Satellite subscriptions.List all available subscriptions.
# subscription-manager list --all --available
Attach the subscriptions. If there are multiple subscriptions to be attached, repeat the--pool=pool_id
parameter.# subscription-manager attach --pool=pool_id
- Enable the Red Hat Enterprise Linux repository appropriate to your version and architecture.For Red Hat Enterprise Linux 6 (on AMD64 or Intel 64)
# subscription-manager repos --enable=rhel-6-server-rpms
For Red Hat Enterprise Linux 5 (on AMD64 or Intel 64)# subscription-manager repos --enable=rhel-5-server-rpms
For Red Hat Enterprise Linux 6 (On System Z architecture)# subscription-manager repos --enable=rhel-6-for-system-z-rpms
For Red Hat Enterprise Linux 5 (On System Z architecture)# subscription-manager repos --enable=rhel-5-for-system-z-rpms
4.1.2. Mounting the Installation Media
Procedure 4.1. Mounting from a disc
- Log into the machine as
root
. - Insert the Red Hat Satellite Server CD or DVD containing the installation files.
- Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the
/media/cdrom/
directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the/media/cdrom/
directory with the following commands:# mkdir /media/cdrom # mount /dev/cdrom /media/cdrom
Procedure 4.2. Mounting from an ISO image
- Log into the machine as
root
. - Download the ISO image from the Red Hat Customer Portal.
- Mount the ISO image to a location on your filesystem:
# mkdir /media/cdrom # mount -o loop iso_filename /media/cdrom
/media/cdrom/
. Use this location to access the Red Hat Satellite Installation Script.
4.1.3. Obtaining an Entitlement Certificate
Important
4.2. Pre-Installation
/media/cdrom/
. The installation media contains the install.pl
Installation Script.
4.2.1. Options for the Installation Script
install.pl
Installation Script:
Option | Usage |
---|---|
--help | Prints the help message. |
--answer-file=<filename> | Indicates the location of an answer file to be use for answering questions asked during the installation process. |
--non-interactive | For use only with --answer-file . If the --answer-file does not provide a required response, exit instead of prompting the user. |
--re-register | Register the system with Red Hat Network, even if it is already registered. |
--external-oracle | Install Red Hat Satellite with an external Oracle database. |
--external-postgres | Install Red Hat Satellite with an external PostgreSQL database. |
--managed-db | Install a PostgreSQL Managed Database. |
--disconnected | Install Red Hat Satellite in disconnected mode. |
--clear-db | Clear any pre-existing database schema before installing. This will destroy any data in the database and re-create an empty schema. |
--skip-system-version-test | Do not test the Red Hat Enterprise Linux version before installing. |
--skip-selinux-test | Do not check to make sure SELinux is disabled. |
--skip-fqdn-test | Do not verify that the system has a valid hostname. Red Hat Satellite requires that the hostname be properly set during installation. Using this option may result in a Satellite server that is not fully functional. |
--skip-db-install | Do not install the embedded database. This option may be useful if you are reinstalling the satellite, and do not want to clear the database. |
--skip-db-diskspace-check | Do not check to make sure there is enough free disk space to install the embedded database. |
--skip-db-population | Do not populate the database schema. |
--skip-gpg-key-import | Do not import Red Hat's GPG key. |
--skip-ssl-cert-generation | Do not generate the SSL certificates for the Red Hat Satellite. |
--run-updater | Do not ask to install needed packages from Red Hat Network, if the system is registered. |
4.2.2. Automated Red Hat Satellite Server Installation
answers.txt
file found in the install/
directory of the CD or ISO.
Procedure 4.3. Installing with an Answers File
- Copy the example
answers.txt
file to/tmp/answers.txt
# cp answers.txt /tmp/answers.txt
- Edit the file and add your organization's desired options.
- Once the answer file is ready, use the
--answer-file
option when starting the installation process from the command line:# ./install.pl --answer-file=/tmp/answers.txt --disconnected
The Red Hat Satellite Installation Script looks for answers in the file. For any option not filled out in the file, the Installation Script prompts the user for the missing information.Note
The--disconnected
option is required to prevent the installer attempting to connect to Red Hat Network.
4.2.3. Installing Behind a HTTP Proxy: Pre-Configuration
rhn.conf
file to control its connection settings, there is no way to add options to that file prior to installation of Red Hat Satellite. If your network is behind an HTTP proxy in your organization, you cannot activate the Red Hat Satellite at installation time. A workaround to this issue is to first perform a disconnected installation of Red Hat Satellite, then switch the configuration to a connected method after installation is completed. The following demonstrates the initial steps to creating a connected Red Hat Satellite installation behind an HTTP proxy:
Procedure 4.4. Installing Red Hat Satellite behind an HTTP Proxy - Pre-Configuration
- Complete a minimal installation of Red Hat Enterprise Linux.
- Configure the system so that it can connect to Red Hat Network behind the HTTP proxy. Edit the file
/etc/sysconfig/rhn/up2date
as follows:enableProxy=1 enableProxyAuth=1 httpProxy=<http-proxy-fqdn> proxyUser=<proxy-username> proxyPassword=<proxy-password>
- Register the system to Red Hat Network.
- Begin the installation of Red Hat Satellite with the disconnected option:
./install.pl --disconnected
4.3. Installation Script Process
/media/cdrom/
. The installation media contains the install.pl
Installation Script.
4.3.1. Running the Installer Script
root
user.
Warning
Procedure 4.5. Running Installation Script
- Run the installer script with an option to install with either Embedded Database, Managed Database, or External Database.Regardless of which database option is used, the
--disconnected
option is required to prevent the installer attempting to connect to Red Hat Network.- Embedded Database - From the
/media/cdrom/
directory, enter the following command to start the Installation Script:# ./install.pl --disconnected
- Managed Database - From the
/media/cdrom/
directory, enter the following command to start the Installation Script:# ./install.pl --external-postgresql --disconnected
Make sure you have completed the Managed Database requirements before running this command. See Section 2.3.2, “Managed Database Requirements” for these requirements. - External Database - From the
/media/cdrom/
directory, enter one of the following commands to start the Installation Script:For a PostgreSQL External Database:# ./install.pl --external-postgresql --disconnected
For an Oracle External Database:# ./install.pl --external-oracle --disconnected
- The script first completes prerequisite checks. These checks determine all prerequisites from Chapter 2, Requirements are met before proceeding with the installation.
* Starting the Red Hat Satellite installer. * Performing pre-install checks. * Pre-install checks complete. Beginning installation. * RHN Registration. ** Registration: Disconnected mode. Not registering with RHN.
The Satellite registration with Red Hat Network does not apply, because the installer is being run in disconnected mode. - The installer then continues to install its prerequisite packages. Reply
y
to the promptDo you want the installer to resolve dependencies [y/N]?
.* Checking for uninstalled prerequisites. ** Checking if yum is available ... There are some packages from Red Hat Enterprise Linux that are not part of the @base group that Satellite will require to be installed on this system. The installer will try resolve the dependencies automatically. However, you may want to install these prerequisites manually. Do you want the installer to resolve dependencies [y/N]?y * Installing RHN packages. . . * Now running spacewalk-setup. * Setting up Selinux..
4.3.2. Database Configuration
tail
in a separate window to monitor the /var/log/rhn/install_db.log
file.
If you are installing Red Hat Satellite with an Embedded Database, this process is automatic.
** Database: Setting up database connection for PostgreSQL backend. ** Database: Installing the database: ** Database: This is a long process that is logged in: ** Database: /var/log/rhn/install_db.log *** Progress: # ** Database: Installation complete. ** Database: Populating database. *** Progress: ###################################
If you are installing Red Hat Satellite with a Managed Database or External Database, the script prompts for connection details to the database.
** Database: Setting up database connection for PostgreSQL backend. Hostname (leave empty for local)? mydb.example.com Port [5432]? Database? db Username? dbuser Password? password ** Database: Populating database. *** Progress: ###################################
Important
4.3.3. Initial Configuration
/root/.gnupg/
directory, if required.
* Setting up users and groups. ** GPG: Initializing GPG and importing key.
You must enter an email address. Admin Email Address? admin@example.com * Performing initial configuration.
4.3.4. Entitlement Certificate Configuration
* Activating Red Hat Satellite. Where is your satellite certificate file? /root/example.cert ** Loading Red Hat Satellite Certificate. ** Verifying certificate locally. ** Activating Red Hat Satellite.
4.3.5. CA Certificate Configuration
y
to the question Should setup configure apache's default ssl server for you?
, then provide the following information as prompted.
- CA cert
- Enter a password for the certificate.
- Organization
- Enter the name of your organization.
- Organization Unit
- Enter the name of your department within your organization.
- Email Address
- Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
- City
- Enter your city.
- State
- Enter your state.
- Country
- Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type
?
to see a list of country codes.
* Enabling Monitoring. * Configuring apache SSL virtual host. Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? ** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave * Configuring tomcat. ** /etc/sysconfig//tomcat6 has been backed up to tomcat6-swsave ** /etc/tomcat6//server.xml has been backed up to server.xml-swsave ** /etc/tomcat6//web.xml has been backed up to web.xml-swsave * Configuring jabberd. * Creating SSL certificates. CA certificate password? Re-enter CA certificate password? Organization? Red Hat Organization Unit [satellite.example.com]? Sales Email Address [admin@example.com]? City? Raleigh State? NC Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
4.3.6. Cobbler Configuration
tftpd
and xinitd
services enabled and running. If you will be using this feature, reply y
.
* Setting up Cobbler.. cobblerd does not appear to be running/accessible Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
4.3.7. Installation Complete
* Final configuration. * Restarting services. Installation complete. Visit https://satellite.example.com to create the satellite administrator account.
4.4. Post-Installation
4.4.1. Enable Satellite 5 Repository
# subscription-manager repos --enable rhel-6-server-satellite-5.6-rpms
# subscription-manager repos --enable rhel-5-server-satellite-5.6-rpms
4.4.2. Upgrading the Satellite 5 Database Schema
# yum check-update
satellite-schema
package, complete the procedure detailed in How do I upgrade the database schema of a Red Hat Satellite server?.
4.4.3. Update Packages
# yum update
4.4.4. Switch Satellite to Connected Mode
Procedure 4.6. Switch to Connected Mode
- Edit the Red Hat Network configuration file
/etc/rhn/rhn.conf
and make the following changes: - Edit the
server.satellite.rhn_parent
line as follows.# server.satellite.rhn_parent = satellite.rhn.redhat.com
- Change the line
disconnected=1
todisconnected=0
.disconnected=0
- Validate the configuration changes.
# spacewalk-cfg-get get server disconnected
The expected output is0
, confirming that disconnected mode is not enabled.# spacewalk-cfg-get get server.satellite rhn_parent
The expected output issatellite.rhn.redhat.com
.
- Reactivate the Satellite Server.
# rhn-satellite-activate -vvv --rhn-cert=Satellite-56.cert RHN_PARENT: satellite.rhn.redhat.com
Therhn-satellite-activate
command requires as input the certificate downloaded in Section 4.1.3, “Obtaining an Entitlement Certificate”. In this example, the certificate was saved in fileSatellite-56.cert
.When the Satellite Server is reactivated, you may see the messageERROR: Server not registered? No systemid: /etc/sysconfig/rhn/systemid
. This can be safely ignored because thesystemid
file is the Red Hat Network system ID and no longer relevant.
4.4.5. Installing Behind a HTTP Proxy: Post-Configuration
/etc/rhn/rhn.conf
file:
server.satellite.http_proxy = <http-proxy-fqdn> server.satellite.http_proxy_username = <proxy-username> server.satellite.http_proxy_password = <proxy-password> disconnected=0
/etc/rhn/rhn.conf
file to include the parent parameter satellite.rhn.redhat.com
:
server.satellite.rhn_parent = satellite.rhn.redhat.com
Note
Administrator
privileges. Browse to → → . From here, enter the HTTP Proxy settings, and toggle the Disconnected Red Hat Satellite option.
# rhn-satellite restart
# rhn-satellite-activate --rhn-cert=<path-to-cert>
4.4.6. Create Administrator User
4.4.7. Finalize Configuration
4.4.7.1. General Configuration
4.4.7.2. Certificate
4.4.7.3. Bootstrap Script
/var/www/html/pub/bootstrap/
directory of Red Hat Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central Red Hat Network Servers. The required fields are pre-populated with values derived from previous installation steps. Ensure this information is accurate.
4.4.8. Organizations
4.4.9. Restart
4.4.10. Cobbler Rebuild
4.4.11. Message Transfer Agent (MTA) Configuration
Note
4.4.11.1. Sendmail
- Create a symbolic link allowing sendmail to run the notification enqueuer with the following command:
# ln -s /usr/bin/ack_enqueuer.pl /etc/smrsh/.
- Edit the
/etc/aliases
file on the mail server and add the following line:rogerthat01: | /etc/smrsh/ack_enqueuer.pl
- Edit the
/etc/mail/sendmail.mc
file and change:"DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl"
to:"DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl"
- Process the alias with the following command:
# newaliases
- Update the
sendmail-cf
package:# yum update sendmail-cf
- Restart sendmail:
# service sendmail restart
4.4.11.2. Postfix
- Create a symbolic link allowing postfix to run the notification enqueuer with the following command:
# ln -s /usr/bin/ack_enqueuer.pl /etc/smrsh/.
- Edit the
/etc/aliases
file on the mail server and add the following line:rogerthat01: | /etc/smrsh/ack_enqueuer.pl
- Ensure the following line exists in your
/etc/postfix/main.cf
file and change:inet_interfaces = all
- Process the alias with the following command:
# newaliases
- Restart postfix:
# service postfix restart
4.4.12. MySQL Installation for Monitoring
mysql-server
package either through the Red Hat Network website or with yum
.
mysql-server
package to be installed and run successfully. Once finished, use your Red Hat Satellite to schedule MySQL probes.
Chapter 5. Entitlements
5.1. Red Hat Satellite Activate
rhn-satellite-activate
). This tool is included with the installation as part of the spacewalk-backend-tools
package.
rhn-satellite-activate
tool offers several command line options for activating Red Hat Satellite using its Red Hat Entitlement Certificate:
Option | Description |
---|---|
-h , --help | Display the help screen with a list of options. |
--sanity-only | Confirm certificate sanity. Does not activate the Red Hat Satellite locally or remotely. |
--disconnected | Activates locally but not on remote Red Hat servers. |
--rhn-cert=/PATH/TO/CERT | Uploads new certificate and activates the Red Hat Satellite based upon the other options passed (if any). |
--systemid=/PATH/TO/SYSTEMID | For testing only - Provides an alternative system ID by path and file. The system default is used if not specified. |
--no-ssl | For testing only - Disable SSL. |
rhn-satellite-activate
command.
5.2. Activate Red Hat Satellite with a New Entitlement Certificate
- Validate the Red Hat Satellite Entitlement Certificate's sanity (or usefulness).
- Insert the Red Hat Satellite Entitlement Certificate into the local database to activate the Satellite
- Activate Red Hat Satellite remotely by inserting the Red Hat Entitlement Certificate into the central Red Hat database. This is typically accomplished during local activation but might require a second step if you chose the
--disconnected
option.
Procedure 5.1. Activating Red Hat Satellite with a New Entitlement Certificate
- To validate the Red Hat Entitlement Certificate's sanity only:
rhn-satellite-activate --sanity-only --rhn-cert=/path/to/demo.cert
- To validate the Red Hat Entitlement Certificate and populate the local database:
rhn-satellite-activate --disconnected --rhn-cert=/path/to/demo.cert
Or to validate the Red Hat Entitlement Certificate and populate both the local and the Red Hat database:rhn-satellite-activate --rhn-cert=/path/to/demo.cert
5.3. Entitlement Certificate Expiration
- Red Hat Satellite remains active, but content cannot be synchronized with the Red Hat Content Delivery Network.
- A banner displays on the Overview page for each user that logs into Red Hat Satellite's web interface. This banner states the certificate has expired.
- Once a day, for all seven days, the Red Hat Satellite Administrator receives an email notification regarding certificate expiration.
rhn-satellite-activate
. During this period, Satellite has limited functionality mainly for entitlement changes and operates in a read only mode.
5.4. Enhanced Entitlements Reporting
Note
5.4.1. Enhanced Entitlements Reporting Requirements
- Server 1: Red Hat Satellite 5.6 or later
- Server 2: Red Hat Subscription Asset Manager (SAM) 1.3 or later
Important
5.4.2. Summary of Enhanced Entitlement Reporting Configuration
- Installation of a Red Hat Satellite 5.6 server
- See Chapter 4, Installation for installation steps.
- Installation and Configuration of a Subscription Asset Manager server
- Install a Subscription Asset Manager (SAM) 1.3 server on a different server from Satellite 5.6. When installing from ISO, make sure to run the
install_packages
script with the--enhanced_reporting
to install the SAM 1.3 with Enhanced Entitlements Reporting:# mkdir /mnt/cdrom # mount -o loop SAM.iso /mnt/cdrom # cd /mnt/cdrom # ./install_packages --enhanced_reporting # katello-configure --deployment=sam --user-pass=PASSWORD # chkconfig mongod on # service mongod start
Alternatively, to install the Subscription Asset Manager (SAM) 1.3 server usingyum
, run the following:# yum install katello-headpin-all splice spacewalk-splice-tool ruby193-rubygem-splice_reports # katello-configure --deployment=sam --user-pass=PASSWORD # chkconfig mongod on # service mongod start
Replace PASSWORD with a password of your choice. This password is required in later steps of Enhanced Entitlements Reporting configuration.The SAM server contains all the tools necessary to collect reporting information from the Satellite 5.6 server. For more information on SAM installation, see the Using Subscription Asset Manager guide for version 1.3.See Section 5.4.3, “Configuring Servers for Enhanced Entitlements Reporting” for further configuration steps.Important
Do not create organizations in Subscription Asset Manager when using in conjunction with Red Hat Satellite 5.6. Thespacewalk-splice-tool
creates the required organizations automatically. - Downloading Entitlement Certificate and Subscription Manifest
- Register your Satellite 5.6 server on the Subscription Management Applications page of the Red Hat Customer Portal. This provides you with an Entitlement Certificate and a Subscription Manifest, both of which contain entitlements information for your Satellite 5.6 server. See Chapter 3, Entitlement Certificate for steps on generating an Entitlement Certificate and Subscription Manifest pair.
- Upload the Entitlement Certificate on your Satellite 5.6 server.
- Upload the Subscription Manifest on your SAM server. See Section 5.4.4, “Downloading an Enhanced Entitlements Subscription Manifest” and Section 5.4.5, “Uploading a Subscription Manifest to Subscription Asset Manager” for these steps.
5.4.3. Configuring Servers for Enhanced Entitlements Reporting
Procedure 5.2. To Configure Servers for Enhanced Entitlements Reporting
- Access the terminal on your SAM server using
root
permissions. - Generate an SSH key pair on the SAM server:
[root@sam13] # su - splice -s /bin/sh -c 'ssh-keygen -t rsa -f /var/lib/splice/id_rsa-sat -N ""'
Make a note of the content of the public key file:[root@sam13] # cat /var/lib/splice/id_rsa-sat.pub
- Access the terminal on your Satellite 5 server using
root
permissions. - Create a new
swreport
user on the Satellite 5 machine and provide the user with a.ssh
directory.[root@sat56] # useradd swreport [root@sat56] # mkdir /home/swreport/.ssh
- Append the
/home/swreport/.ssh/authorized_keys
file with the contents of the/var/lib/splice/id_rsa-sat.pub
file on your chosen Subscription Management Application. - Prepend the SAM public key content in
/home/swreport/.ssh/authorized_keys
with the following:command="/usr/bin/spacewalk-report $SSH_ORIGINAL_COMMAND"
This ensures theswreport
user only uses thespacewalk-report
command. - Set permissions and the SELinux content on the
.ssh
directory andauthorized_keys
file for theswreport
user.[root@sat56] # chown -R swreport:swreport /home/swreport/.ssh [root@sat56] # chmod 700 /home/swreport/.ssh [root@sat56] # chmod 600 /home/swreport/.ssh/authorized_keys [root@sat56] # restorecon -R /home/swreport/.ssh
- The
swreport
user requires permissions to read rhn.conf and connect to the database. Add this user to theapache
group.[root@sat56] # gpasswd -a swreport apache
- Test your connection. Switch to the Subscription Asset Manager server and run the following command:
[root@sam13] # su - splice -s /bin/bash [splice@sam13] # ssh -i /var/lib/splice/id_rsa-sat swreport@sat56-hostname splice-export
Substitute sat56-hostname for the hostname of the Subscription Asset Manager server.Important
This command is required to accept the Satelite 5 server's fingerprint. - Edit the
/etc/splice/checkin.conf
on the Subscription Asset Manager server.[root@sam13] # vi /etc/splice/checkin.conf
- Edit the following sections:
[spacewalk] host=hostname ssh_key_path=/var/lib/splice/id_rsa-sat login=swreport [katello] hostname=localhost port=443 proto=https api_url=/sam admin_user=admin admin_pass=password
Substitute hostname for the hostname of the Satellite 5 server and password for your SAM administration password. Enter the location of the SAM SSH key for thessh_key_path
parameter. Save your changes. - Run
spacewalk-splice-checkin
tool as thesplice
user to generate organizations from the Satellite 5 server.[root@sam13] # su - splice -s /bin/bash [splice@sam13] $ spacewalk-splice-checkin
spacewalk-splice-checkin
tool also runs as a cronjob on the Subscription Asset Manager server. It reads system and channel data from the Satellite 5 server's spacewalk-report
tool and pushes the data into the SAM database. Subscription Asset Manager then provides reports to display entitlement consumption for the current state of the systems in Satellite 5 along with historical data.
5.4.4. Downloading an Enhanced Entitlements Subscription Manifest
Note
Procedure 5.3. To Download an Enhanced Entitlements Manifest
- Navigate to the Red Hat Customer Portal (
access.redhat.com
) in your web browser. - Navigate to→ → .
- Click the Satellite tab.
- Click the name of the Red Hat Satellite 5 server.
- Click the Download manifest button and choose a location to save your manifest.
Important
The Download manifest button is only available if subscriptions are attached. Ensure to add subscriptions to your manifest by clicking the Attach a subscription link.
Important
spacewalk-splice-tool
.
5.4.5. Uploading a Subscription Manifest to Subscription Asset Manager
Procedure 5.4. Upload Subscription Manifest
- Log in to your Subscription Asset Manager as an administrative user.
- Make sure you set the organization to the root organization from your Satellite 5 server.
- Click the→ → menu.
- Click thelink.
- On the Subscription Manifest Import tab, click the Browse button to specify the location of the manifest.
- Click the Upload button to upload the subscription manifest.
The subscription manifest is uploaded.
5.4.6. Splitting Subscriptions between Organizations
Procedure 5.5. To Split Subscriptions between Organizations
- Log in to your Subscription Asset Manager as an administrative user.
- Using the organization drop-down menu, set the organization to the root organization from your Satellite 5 server.
- Navigate to→ → .
- Click a distributor that represents the chosen organization to receive subscriptions.
- In the right window, scroll to Available Sunscriptions and select the subscriptions and quantity to attach.
- Click the Attach button at the bottom of the window.
- Using the organization drop-down menu, change to the organization with the newly attached subscriptions.
- Navigate to→ → .
- Click thelink.
- Click thebutton.
The root organization has assigned subscriptions to another organization from Satellite 5.
5.4.7. Viewing Enhanced Entitlements Reports in Subscription Asset Manager
Procedure 5.6. To View Enhanced Entitlements Reports in Subscription Asset Manager
- Log in to your Subscription Asset Manager as an administrative user.
- Navigate to→ .
- The Filter Criteria page appears. Choose a report and click Run Report.
Chapter 6. Content and Synchronization
- A successful Red Hat Satellite installation.
- The Red Hat Satellite requires access to one of the following content sources:
- The Red Hat Network website over the Internet.
- Red Hat Network Channel Content ISOs.
- Red Hat Satellite Exporter data.
6.1. Red Hat Satellite Synchronization Tool
satellite-sync
) enables an Red Hat Satellite to update its database metadata and RPM packages with various sources.
Important
satellite-sync
imports a large amount of data, especially on newly installed Red Hat Satellite servers. If your database has performance issues after a significant amount of data changes, consider gathering statistics on the database.
# satellite-sync
channel-families
- Import/synchronize channel family (architecture) data.channels
- Import/synchronize channel data.rpms
- Import/synchronize RPMs.packages
- Import/synchronize full package data for those RPMs retrieved successfully.errata
- Import/synchronize errata information.
rpms
step automatically ensures the channels
and channel-families
steps execute first. To initiate an individual step, use the --step
option.
# satellite-sync --step=rpms
--step
, the Red Hat Satellite Synchronization Tool provides other command line options. To use them, insert the option and the appropriate value after the satellite-sync
command when launching import/synchronization.
Option | Description |
---|---|
-h , --help | Display this list of options and exit. |
-d= , --db=DB | Include alternate database connect string: username/password@SID. |
-m= , --mount-point=MOUNT_POINT | Import/synchronization from local media mounted to the Red Hat Satellite server. Use in closed environments (such as those created during disconnected installs). |
--list-channels | List all available channels and exit. |
-c CHANNEL , --channel=CHANNEL_LABEL | Process data for this channel only. Multiple channels can be included by repeating the option. If no channels are specified, Red Hat Satellite updates all channels. |
-p, --print-configuration | Print the current configuration and exit. |
--no-ssl | Not Advisable - Turn off SSL. |
--step=STEP_NAME | Perform the synchronization process only to the step specified. Typically used in testing. |
--no-rpms | Do not retrieve actual RPMs. |
--no-packages | Do not process full package data. |
--no-errata | Do not process errata information. |
--no-kickstarts | Do not process kickstart data (provisioning only). |
--force-all-packages | Forcibly process all package data without conducting a diff. |
--debug-level=LEVEL_NUMBER | Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf , 0-6 (2 is default). |
--email | Email a report of what was imported/synchronized to the designated recipient of traceback email. |
--traceback-mail=TRACEBACK_MAIL | Direct synchronization output (from --email ) to this email address. |
-s= , --server=SERVER | Include the hostname of an alternative server to connect to for synchronization. |
--http-proxy=HTTP_PROXY | Add an alternative HTTP proxy server in the form hostname:port. |
--http-proxy-username=PROXY_USERNAME | Include the username for the alternative HTTP proxy server. |
--http-proxy-password=PROXY_PASSWORD | Include the password for the alternative HTTP proxy server. |
--ca-cert=CA_CERT | Use an alternative SSL CA certificate by including the full path and filename. |
--systemid=SYSTEM_ID | For debugging only - Include path to alternative digital system ID. |
--batch-size=BATCH_SIZE | For debugging only - Set maximum batch size in percent for XML/database-import processing. Open man satellite-sync for more information. |
6.2. Synchronization with Local Media
6.2.1. Preparing for Import from Local Media
Procedure 6.1. Obtain the Channel Content ISOs
- Log into the web interface.
- Click Channels in the top navigation bar.
- Click on the Red Hat Satellite channel. Ensure you select the Satellite channel that corresponds to your version of Satellite.
- Click the Downloads tab and use the instructions on the page to obtain the Channel Content ISOs, available by version of Red Hat Enterprise Linux.
- If the desired Channel Content ISOs do not appear, ensure your Red Hat Entitlement Certificate has been uploaded to Red Hat Network and correctly identifies the target channels.
Procedure 6.2. Mount and copy Channel Content ISOs
- Log into the machine as root.
- Create a directory in
/mnt/
to store the file(s) with the command:# mkdir /mnt/import/
- Mount the ISO file using the following command:
# mount [iso_filename] /mnt/import -o loop
- Create a target directory for the files:
# mkdir /var/rhn-sat-import/
- This sample command assumes the administrator wants to copy the contents of the ISO (mounted in
/mnt/import/
) into/var/rhn-sat-import/
:# cp -ruv /mnt/import/* /var/rhn-sat-import/
- Then unmount
/mnt/import
in preparation for the next ISO:# umount /mnt/import
- Repeat these steps for each Channel Content ISO of every channel to be imported.
6.2.2. Import from Local Media
/var/rhn-sat-import
.
- List the channels available for import.
# satellite-sync --list-channels --mount-point /var/rhn-sat-import
- Initiate the import of a specific channel using a channel label presented in the previous list.
# satellite-sync -c [channel-label] --mount-point /var/rhn-sat-import
Note
Importing package data can take up to two hours per channel. Register systems to channels as soon as they appear in the Red Hat Satellite web interface. No packages are necessary for registration, although updates cannot be retrieved from the Satellite until the channel is completely populated. - Repeat this step for each channel or include them all within a single command by passing each channel label preceded with an additional
-c
flag, like so:# satellite-sync -c [channel-label-1] -c [channel-label-2] --mount-point /var/rhn-sat-import
# cd /var/rhn-sat-import/; ls -alR | grep rpm
/var/rhn-sat-import/
repository.
# rm -rf /var/rhn-sat-import
6.3. Synchronization via Export
rhn-satellite-exporter
) tool exports content listing in an XML format, which a user imports into another Red Hat Satellite. Export the content into a chosen directory with the -d
option, transport the directory to another Red Hat Satellite, and use the Red Hat Satellite Synchronization Tool to import the contents. This synchronizes the two Red Hat Satellites so they contain identical content.
- Channel Families
- Architectures
- Channel metadata
- Blacklists
- RPMs
- RPM metadata
- Errata
- Kickstarts
- A successful Red Hat Satellite installation.
- Sufficient disk space in the directory specified in the
-d
option. This directory will contain the exported contents.
6.3.1. Performing an Export
root
:
# rhn-satellite-exporter -d /var/rhn-sat-export --no-errata --channel [channel_name]
rsync
or scp -r
.
rhn-satellite-exporter
command.
Option | Description |
---|---|
-d DIRECTORY, --dir=DIRECTORY | Place the exported information into this directory. |
-c CHANNEL_LABEL , --channel=CHANNEL_LABEL | Process data for this specific channel (specified by label) only. NOTE: the channel's *label* is NOT the same as the channel's *name*. |
--list-channels | List all available channels and exit. |
--list-steps | List all of the steps that rhn-satellite-exporter takes while exporting data. These can be used as values for --step. |
-p --print-configuration | Print the configuration and exit. |
--print-report | Print a report to the terminal when the export is complete. |
--no-rpms | Do not retrieve actual RPMs. |
--no-packages | Do not export RPM metadata. |
--no-errata | Do not process errata information. |
--no-kickstarts | Do not process kickstart data (provisioning only). |
--debug-level=LEVEL_NUMBER | Override the amount of messaging sent to log files and generated on the screen set in /etc/rhn/rhn.conf , 0-6 (2 is default). |
--start-date=START_DATE | The start date limit that the last modified dates are compared against. Must be in the format YYYYMMDDHH24MISS (for example, 20071225123000 ) |
--end-date=END_DATE | The end date limit that the last modified dates are compared against. Must be typed in the format YYYYMMDDHH24MISS (for example, 20071231235900 ) |
--make-isos=MAKE_ISOS | Create a channel dump ISO directory called satellite-isos (for example, --make-isos=cd or dvd ) |
--email | Email a report of what was exported and what errors may have occurred. |
--traceback-mail=EMAIL | Alternative email address for --email. |
--db=DB | Include alternate database connect string: username/password@SID. |
--hard-links | Export the RPM and kickstart files with hard links to the original files. |
rhn-satellite-exporter
to export data depends on the number and size of the exported channels. The --no-packages
, --no-kickstarts
, --no-errata
, and --no-rpms
options reduce the amount of time required for rhn-satellite-exporter
to run, but also prevents export of potentially useful information. For that reason, only use these options when certain the content is not required and can be excluded. Additionally, use the matching options for satellite-sync
when importing the data. For example, if you use --no-kickstarts
with rhn-satellite-exporter
, specify the same --no-kickstarts
option when importing the data.
6.3.2. Moving Exported Data
Procedure 6.3. Moving Exporter Content
- Log into the machine as
root
. - Create a target directory for the files, such as:
# mkdir /var/rhn-sat-import/
- Make the export data available on the local machine in the directory created in the previous step. Either copy the data directly, or mount the data from another machine using NFS. Copy the data into the new directory with the following command:
# scp -r root@storage.example.com:/var/rhn-sat-export/* /var/rhn-sat-import
6.3.3. Performing an Import
/var/rhn-sat-import
.
- List the channels available for import with the command:
# satellite-sync --list-channels --mount-point /var/rhn-sat-import
- Initiate the import of a specific channel using a channel label presented in the previous list. Run the following command :
# satellite-sync -c [channel-label] --mount-point /var/rhn-sat-import
Note
Importing package data can take up to two hours per channel. Register systems to channels as soon as they appear in the Red Hat Satellite web interface. No packages are necessary for registration, although updates cannot be retrieved from the Satellite until the channel is completely populated.Repeat this step for each channel or include them all within a single command by passing each channel label preceded by an additional-c
flag:# satellite-sync -c channel-label-1 -c channel-label-2 -mount-point /var/rhn-sat-import
- The population of channels executes until completion. Verify all of the packages are moved out of the repository with the following command:
# cd /var/rhn-sat-import/; ls -alR | grep rpm
If all RPMs are installed and moved to their permanent locations, the count appears as zero. If so, remove the temporary/var/rhn-sat-import/
repository.# rm -rf /var/rhn-sat-import
6.4. Synchronization with Red Hat Network
satellite-sync
command also synchronizes a connected Red Hat Satellite with Red Hat Network over the Internet. This updates database metadata and RPM packages directly from the Red Hat Network servers.
Procedure 6.4. Synchronize with Red Hat Network
- List available channels on your connected Red Hat Satellite using the
--list-channels
command.# satellite-sync --list-channels
- Synchronize with a Red Hat Network channel using the
-c
option.# satellite-sync -c [channel-label]
satellite-sync
options, see Section 6.1, “Red Hat Satellite Synchronization Tool”.
Chapter 7. Upgrades
Important
7.1. Upgrade Requirements
- An updated Red Hat Satellite certificate
- The Red Hat Satellite Upgrade Package (
rhn-upgrade
) - The installation media for the latest version of Red Hat Satellite
Procedure 7.1. Preparing for Red Hat Satellite Upgrade
Obtain Red Hat Satellite Certificate and installation media from the Red Hat Customer Portal
- Obtain a Red Hat Satellite certificate from the Red Hat Customer Portal at https://access.redhat.com/home under → → .
- Save this certificate on your Red Hat Satellite server.
Obtain Red Hat Satellite Upgrade Package (
rhn-upgrade
)- Ensure the Satellite is registered to the Red Hat Satellite Channel.
- Install the
rhn-upgrade
package with the following command:# yum install rhn-upgrade
This package installs scripts and a comprehensive set of instructions for a Red Hat Satellite upgrade within the/etc/sysconfig/rhn/satellite-upgrade
directory.
Obtain Installation Media
- Obtain a Red Hat Satellite 5.6 ISO from the Red Hat Customer Portal at https://access.redhat.com/home under Downloads.
- Download this ISO to your Red Hat Satellite server.
7.2. Upgrading Red Hat Satellite to a New Version
Important
/etc/sysconfig/rhn/satellite-upgrade/README
file in the rhn-upgrade
package.
Procedure 7.2. Upgrade Red Hat Satellite
- Mount the ISO as specified in Section 4.1.2, “Mounting the Installation Media”
- Change your directory to the mounted ISO and run the Installer Program using the
--upgrade
option.# cd /mount/cdrom # ./install.pl --upgrade
Important
Use additional options if your Red Hat Satellite is disconnected or using a Managed Database or External Database. For more information, read Section 4.2.1, “Options for the Installation Script”. - Disable all services on the Red Hat Satellite server:
# /usr/sbin/rhn-satellite stop
Important
The next step upgrades the database schema. Ensure the database is running on your Managed Database or External Database. If using an Embedded Database, ensure the database is running via the following command:# service postgresql start
- Upgrade the database with
spacewalk-schema-upgrade
:# /usr/bin/spacewalk-schema-upgrade
Important
Make sure to backup your database before upgrading. - Activate the Red Hat Satellite. If using a connected Satellite:
# rhn-satellite-activate --rhn-cert [PATH-TO-NEW-CERT] --ignore-version-mismatch
If disconnected, run:# rhn-satellite-activate --rhn-cert [PATH-TO-NEW-CERT] --disconnected --ignore-version-mismatch
- Rebuild search indexes with the following command:
# service rhn-search cleanindex
This command cleans the search indexes for therhn-search
service and then restart it. - Enable Monitoring and Monitoring Scout. To enable Monitoring without enabling Monitoring Scout, run the following command:
# /usr/share/spacewalk/setup/upgrade/rhn-enable-monitoring.pl
To enable both Monitoring and Monitoring Scout, run the following command:# /usr/share/spacewalk/setup/upgrade/rhn-enable-monitoring.pl --enable-scout
- Restart all Red Hat Satellite services:
# /usr/sbin/rhn-satellite restart
Note
Chapter 8. Maintenance
8.1. Managing Red Hat Satellite with rhn-satellite
rhn-satellite
) to stop, start, or retrieve status information from these various services. This tool accepts all of the standard service commands:
/usr/sbin/rhn-satellite start /usr/sbin/rhn-satellite stop /usr/sbin/rhn-satellite restart /usr/sbin/rhn-satellite reload /usr/sbin/rhn-satellite enable /usr/sbin/rhn-satellite disable /usr/sbin/rhn-satellite status
rhn-satellite
to control Red Hat Satellite's operation and retrieve status messages from all services at once.
8.2. Performing Critical Updates to the Server
yum update
on the Red Hat Satellite or use the website at https://access.redhat.com to apply the updates.
Important
httpd
service upon installation. Conducting a full update of the Red Hat Satellite Server (such as with the command yum update
) might cause Apache to fail. To avoid this, make sure to restart the httpd
service after upgrading it.
Warning
8.3. Changing the Red Hat Satellite Hostname
spacewalk-utils
package contains the spacewalk-hostname-rename
script.
spacewalk-hostname-rename
script, you must first ensure that you know your SSL CA passphrase by performing the following command:
# openssl rsa -in path/RHN-ORG-PRIVATE-SSL-KEY
spacewalk-hostname-rename
requires one mandatory argument, which is the IP address of the Red Hat Satellite server, regardless of whether the IP address will change along with the hostname or not.
spacewalk-hostname-rename
is as follows:
spacewalk-hostname-rename <ip address> [ --ssl-country=<country> --ssl-state=<state>\ --ssl-org=<organization/company> --ssl-orgunit=<department> --ssl-email=<email address> --ssl-ca-password=<password>]
spacewalk-hostname-rename
generates a new certificate.
spacewalk-hostname-rename
, see the following Red Hat Knowledgebase entry:
8.4. Conducting Red Hat Satellite-Specific Tasks
8.4.1. Deleting Users
- Click Users in the top navigation bar of the Red Hat Network website.
- Click the name of the user to be removed.
- Click the delete user link at the top-right corner of the page.
- A confirmation page appears explaining that this removal is permanent. To continue, clickat the bottom-right corner of the page.
Note
8.4.2. Configuring Red Hat Satellite Search
/usr/share/rhn/config-defaults/rhn_search.conf
file. The following list defines the search configuration and their default values in parentheses.
- search.index_work_dir
- Specifies where Lucene indexes are kept (
/usr/share/rhn/search/indexes
). - search.rpc_handlers
- Semi-colon separated list of classes to act as handlers for XMLRPC calls.
(filename>index:com.redhat.satellite.search.rpc.handlers.IndexHandler, db:com.redhat.satellite.search.rpc.handlers.DatabaseHandler, admin:com.redhat.satellite.search.rpc.handlers.AdminHandler)
- search.max_hits_returned
- Maximum number of results which will be returned for the query (
500
). - search.connection.driver_class
- JDBC driver class to conduct database searches (
oracle.jdbc.driver.OracleDriver
). - search.score_threshold
- Minimum score a result needs to be returned back as query result (
.10
). - search.system_score_threshold
- Minimum score a system search result needs to be returned back as a query result (
.01
). - search.errata_score_threshold
- Minimum score an errata search result needs to be returned back as a query result (
.20
). - search.errata.advisory_score_threshold
- Minimum score an errata advisory result needs to be returned back as a query result (
.30
). - search.min_ngram
- Minimum length of n-gram characters. Note that any change to this value requires
clean-index
to be run, and doc-indexes need to be modified and rebuilt (1
). - search.max_ngram
- Maximum length of n-gram characters. Note that any change to this value requires
clean-index
to be run, and doc-indexes need to be modified and rebuilt (5
). - search.doc.limit_results
- Type
true
to limit the number of results both on search.score_threshold and restrict max hits to be below search.max_hits_returned; typefalse
means to return all documentation search matches (false
). - search.schedule.interval
- Input the time in milliseconds to control the interval with which the SearchServer polls the database for changes; the default is 5 minutes (
300000
). - search.log.explain.results
- Used during development and debugging. If set to true, this will log additional information showing what influences the score of each result (
false
).
8.5. Automating Synchronization
root
:
crontab -e
Note
EDITOR
variable, like so: export EDITOR=gedit
. Choosing a graphical editor will require an enabled graphical interface.
0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null \ 2>/dev/null
stdout
and stderr
from cron
to prevent duplicating the more easily read messages from satellite-sync
. Use other options from Table 6.1, “satellite-sync
Options” if necessary.
8.6. Implementing PAM Authentication
Note
pam-devel
package.
# yum install pam-devel
selinux-policy-targeted
package.
# yum update selinux-policy-targeted
Procedure 8.1. Configuring Red Hat Satellite to use PAM
- Set the
allow_httpd_mod_auth_pam
SELinux boolean to on:# setsebool -P allow_httpd_mod_auth_pam 1
- Open the
/etc/rhn/rhn.conf
file in your preferred text editor, and add the following line:pam_auth_service = rhn-satellite
Create a PAM service file in the/etc/pam.d/
directory:# touch /etc/pam.d/rhn-satellite
- Edit the file and add one of the following, depending on your authentication method:
Example 8.1. SSSD Authentication
#%PAM-1.0 auth required pam_env.so auth sufficient pam_sss.so auth required pam_deny.so account sufficient pam_sss.so account required pam_deny.so
Example 8.2. Kerberos Authentication
#%PAM-1.0 auth required pam_env.so auth sufficient pam_krb5.so no_user_check auth required pam_deny.so account required pam_krb5.so no_user_check
Example 8.3. LDAP Authentication
#%PAM-1.0 auth required pam_env.so auth sufficient pam_ldap.so no_user_check auth required pam_deny.so account required pam_ldap.so no_user_check
For more detail about configuring PAM, see the Pluggable Authentication Modules (PAM) in the Red Hat Enterprise Linux Deployment Guide.Note
For Kerberos-authenticating users, change the password by usingkpasswd
. Do not change the password on Red Hat Satellite web application as this method only changes the local password on the Satellite server. Local passwords are not in use if PAM is enabled for that user. - Restart the service to pick up the changes:
# rhn-satellite restart
- To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.
8.7. Enabling Push to Clients
osa-dispatcher
) provides support for this feature.
jabberd
to the osad instances running on the clients.
Important
osa-dispatcher
package, which is contained in the Red Hat Satellite software channel for on the Customer Portal. Once installed, start the service on the Satellite as root
using the following command:
service osa-dispatcher start
osad
package on all client systems to receive pushed actions. Find this package within the Red Hat Network Tools child channel on the Red Hat Satellite.
Warning
osad
package on the Red Hat Satellite server. This package conflicts with the osa-dispatcher
package installed on the server.
root
using the command:
service osad start
osa-dispatcher
and osad
accept stop
, restart
, and status
commands, as well.
8.8. Maintaining the Database
# su postgres - bash-4.1$ psql -d rhnschema -c 'VACUUM;' bash-4.1$ exit
postgres
user to access the Satellite 5 database (rhnschema
) and perform a VACUUM
on the database tables. This reclaims storage that dead tuples occupy. Deleted or obsolete tuples are not usually physically removed from their table and remain present until performing a VACUUM
.
Chapter 9. Migrating from RHN to RHSM
Warning
- Procedure 9.1, “ Upgrading the Satellite 5 Database Schema ” (if required).
Procedure 9.1. Upgrading the Satellite 5 Database Schema
- On the Satellite 5 server, list packages for which updates are applicable.
# yum check-update
If there is an update pending for thesatellite-schema
package, complete the procedure detailed in How to upgrade the database schema of a Red Hat Satellite 5 server.
Procedure 9.2. Removing the Satellite 5 Subscription from Red Hat Network
- Open a web browser, log into the Red Hat Customer Portal, click Subscriptions, click Satellite in the list of Subscription Management Applications, then click on the Satellite tab.
- Find the desired Satellite instance in the list, and click on the host name.
Figure 9.1. Details of the Satellite 5 Subscription
- Click the check box beside the Red Hat Satellite subscription to be migrated, click , then click to confirm.
Warning
Remove only the Red Hat Satellite subscription. All other subscriptions must remain.The successful removal of the Red Hat Satellite subscription is confirmed by the message: The subscription(s) you selected have been removed. - Clickand save the certificate file locally.The Satellite 5 entitlement certificate, contained in the file downloaded, is required in Procedure 9.3, “ Migrating the Satellite 5 Registration ”.
Procedure 9.3. Migrating the Satellite 5 Registration
- Record the Red Hat Network username which was used to register the Red Hat Enterprise Linux instance. This username and its password is required by the migration script.
# grep -A1 name\>username /etc/sysconfig/rhn/systemid
In this example, the username isadmin@example.com
.<name>username</name> <value><string>admin@example.com</string></value>
- On the Satellite 5 server, ensure that all packages are current.
# yum update
- Confirm the version of the
spacewalk-backend
package is at version2.0.3-42
or higher.Note
If this is the Managed DB host, skip this step.# rpm -q spacewalk-backend spacewalk-backend-2.0.3-42.el6sat.noarch
Warning
If version 2.0.3-42 (or higher) ofspacewalk-backend
package is not available, or cannot be installed, do NOT proceed with the migration. Contact Red Hat Support for assistance. - Install the packages
subscription-manager
andsubscription-manager-migration
.Thesubscription-manager-migration
package contains the Satellite 5 subscription script.# yum install subscription-manager # yum install subscription-manager-migration
- Run the Satellite 5 Red Hat Network to Red Hat Subscription Manager migration script.
# rhn-migrate-classic-to-rhsm Legacy username: Red Hat Network username Legacy password: Red Hat Network password
TheLegacy username
andLegacy password
are the same credentials which were used to register the server to Red Hat Network. The username was obtained in the prior step.Example output fromrhn-migrate-classic-to-rhsm
.Retrieving existing legacy subscription information... +-----------------------------------------------------+ System is currently subscribed to these legacy channels: +-----------------------------------------------------+ rhel-x86_64-server-6 redhat-rhn-satellite-5.6-server-x86_64-6 +-----------------------------------------------------+ Installing product certificates for these legacy channels: +-----------------------------------------------------+ rhel-x86_64-server-6 redhat-rhn-satellite-5.6-server-x86_64-6 Product certificates installed successfully to /etc/pki/product. Preparing to unregister system from legacy server... System successfully unregistered from legacy server. Attempting to register system to destination server... Registering to: subscription.rhsm.redhat.com:443/subscription The system has been registered with ID: 284e025c-4a60-4084-b49c-4cb26fd7cf93 Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Subscribed Product Name: Red Hat Satellite Status: Subscribed System 'satellite.example.com' successfully registered.
The messageSystem 'satellite.example.com' successfully registered.
confirms that the Satellite 5 system's migration to Red Hat Subscription Manager has been successful. In this example, the Satellite 5 server has been given a Red Hat Subscription Management UUID of284e025c-4a60-4084-b49c-4cb26fd7cf93
. - Disable all repositories.
# subscription-manager repos --disable '*'
- Enable only the following repositories.For Red Hat Enterprise Linux 6
# subscription-manager repos --enable rhel-6-server-rpms # subscription-manager repos --enable rhel-6-server-satellite-5.6-rpms
For Red Hat Enterprise Linux 5# subscription-manager repos --enable rhel-5-server-rpms # subscription-manager repos --enable rhel-5-server-satellite-5.6-rpms
- Reactivate the Satellite 5 instance.
Note
If this is the Managed DB host, skip this step.Therhn-satellite-activate
command requires the certificate downloaded in Procedure 9.2, “ Removing the Satellite 5 Subscription from Red Hat Network ”. In this example, the certificate was saved in fileSatellite-56.cert
.# rhn-satellite-activate -vvv --rhn-cert=Satellite-56.cert RHN_PARENT: satellite.rhn.redhat.com
When the Satellite Server is reactivated, you may see the following error message. This is expected, and can be safely ignored, because thesystemid
file is the Red Hat Network system ID. The system ID file is deleted when the host's registration is migrated to Red Hat Subscription Manager.ERROR: Server not registered? No systemid: /etc/sysconfig/rhn/systemid
- If Satellite is installed on Red Hat Enterprise Linux 6, optionally remove the packages which were previously used to communicate with Red Hat Network.
Warning
Do not remove the packages if Satellite is installed on Red Hat Enterprise Linux 5. Removing these packages from Red Hat Enterprise Linux 5 will result in the failure of Satellite.# yum remove yum-rhn-plugin rhn-check rhn-setup rhnsd
Appendix A. Example Red Hat Satellite Installation Topologies
- The total number of client systems to be served by the Red Hat Satellite.
- The maximum number of clients expected to connect concurrently to the Red Hat Satellite.
- The number of custom packages and channels to be served by the Red Hat Satellite.
- The number of Red Hat Satellites being used in the customer environment.
- The number of Red Hat Proxy Servers being used in the customer environment.
A.1. Single Red Hat Satellite Topology
Figure A.1. Single Red Hat Satellite Topology
A.2. Multiple Red Hat Satellite Horizontally Tiered Topology
rhn-satellite-exporter
and satellite-sync -m
commands. Alternatively, the Inter-Satellite Sync 2 feature is designed for this purpose.
Figure A.2. Multiple Red Hat Satellite Horizontally Tiered Topology
A.3. Red Hat Satellite-to-Proxy Vertically Tiered Topology
Figure A.3. Red Hat Satellite-to-Proxy Vertically Tiered Topology
Appendix B. Sample Red Hat Satellite Configuration File
/etc/rhn/rhn.conf
configuration file for the Red Hat Satellite provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution.
#/etc/rhn/rhn.conf example for a Red Hat Satellite #------------------------------------------------- # Destination of all tracebacks, such as crash information, etc. traceback_mail = test@pobox.com, test@redhat.com mount_point = /var/satellite kickstart_mount_point = /var/satellite repomd_cache_mount_point = /var/cache server.satellite.rhn_parent = satellite.rhn.redhat.com # Use proxy FQDN, or FQDN:port server.satellite.http_proxy = server.satellite.http_proxy_username = server.satellite.http_proxy_password = server.satellite.ca_chain = /usr/share/rhn/RHNS-CA-CERT # Use these options if this server is intended to be a slave. # Name of parent for ISS. # # If left blank rhn_parent is taken by default. # # This option can be overriden on satellite-sync command line. iss_parent = iss_ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT # Use this option if this server is intended to be a master # Comma separated list of allowed iss slaves, like: # allowed_iss_slaves=slave1-satellite.redhat.com,slave2-satellite.redhat.com allowed_iss_slaves= # Completely disable ISS. # If set to 1, then no slave will be able to sync from this server # this option does not affect ability to sync to this server from # another spacewalk (or hosted). disable_iss=0 db_backend = postgresql db_user = rhnuser db_password = rhnpw db_name = rhnschema db_host = db_port = server.nls_lang = english.UTF8 hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect hibernate.connection.driver_class=org.postgresql.Driver hibernate.connection.driver_proto=jdbc:postgresql web.satellite = 1 web.satellite_install = web.session_swap_secret_1 = 9c3da20106d2968d838ee0e8a0431d25 web.session_swap_secret_2 = 9d6dcb05f90586c9aa0cba72328f9abb web.session_swap_secret_3 = 296ddef52ea5df4bc5ee666a238c0454 web.session_swap_secret_4 = 0863e7427021c045fe4c19dbd3db1900 session_secret_1 = 2ae50e0414ecc9d42e15fece90cce4b5 session_secret_2 = da2abb2f77c328f879d7b4f24a2d68fa session_secret_3 = 60531c88064d0d00edbfe683a1c962da session_secret_4 = 1af4c9e335d427761d17bb93d051df87 server.secret_key = d8e7f083a9c40bf76d09c38fb5d0e52b encrypted_passwords = 1 web.param_cleansers = RHN::Cleansers->cleanse web.base_acls = RHN::Access web.restrict_mail_domains = web.ssl_available = 1 web.is_monitoring_backend = 1 web.is_monitoring_scout = 1 # OSA configuration # server.jabber_server = sat560.usersys.redhat.com osa-dispatcher.jabber_server = sat560.usersys.redhat.com # set up SSL on the dispatcher osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT # Enable Solaris support web.enable_solaris_support = 0 # force removing entitlements from systems when modifying multiorg entitlements # below the current usage amount. web.force_unentitlement=0 # system snapshots enabled enable_snapshots = 1 #cobbler host name cobbler.host = sat560.usersys.redhat.com #option generated from rhn-config-satellite.pl web.subscribe_proxy_channel=1 #option generated from rhn-config-satellite.pl force_package_upload=1 #option generated from rhn-config-satellite.pl enable_nvrea=0 #option generated from rhn-config-satellite.pl web.default_mail_from=RHN Satellite dev-null@localhost #option generated from rhn-config-satellite.pl web.l10n_resourcebundles=com.redhat.rhn.frontend.strings.jsp.StringPackage,com.redhat.rhn.frontend.strings.java.StringPackage,com.redhat.rhn.frontend.strings.database.StringPackage,com.redhat.rhn.frontend.strings.nav.StringPackage,com.redhat.rhn.frontend.strings.template.StringPackage,com.redhat.rhn.branding.strings.StringPackage #option generated from rhn-config-satellite.pl product_name=RHN Satellite #option generated from rhn-config-satellite.pl web.version=5.6.0 beta #option generated from rhn-config-satellite.pl disconnected=1
Appendix C. Revision History
Revision History | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
Revision 4-41 | Tue Sep 19 2017 | |||||||||
| ||||||||||
Revision 4-40 | Sat Jul 22 2017 | |||||||||
| ||||||||||
Revision 4-39 | Fri Apr 28 2017 | |||||||||
| ||||||||||
Revision 4-38 | Wed Sep 9 2015 | |||||||||
| ||||||||||
Revision 4-37 | Thu Aug 20 2015 | |||||||||
| ||||||||||
Revision 4-36 | Mon Aug 17 2015 | |||||||||
| ||||||||||
Revision 4-35 | Wed May 27 2015 | |||||||||
| ||||||||||
Revision 4-34 | Tue Mar 17 2015 | |||||||||
| ||||||||||
Revision 4-33 | Fri Oct 17 2014 | |||||||||
| ||||||||||
Revision 4-32 | Mon Mar 31 2014 | |||||||||
| ||||||||||
Revision 4-31.400 | 2013-10-31 | |||||||||
| ||||||||||
Revision 4-31 | Fri Sep 27 2013 | |||||||||
| ||||||||||
Revision 4-30 | Wed Sep 18 2013 | |||||||||
| ||||||||||
Revision 4-29 | Tue Sep 17 2013 | |||||||||
| ||||||||||
Revision 4-28 | Mon Sep 16 2013 | |||||||||
| ||||||||||
Revision 4-27 | Thu Sep 12 2013 | |||||||||
| ||||||||||
Revision 4-26 | Thu Sep 12 2013 | |||||||||
| ||||||||||
Revision 4-25 | Thu Sep 12 2013 | |||||||||
| ||||||||||
Revision 4-24 | Wed Sep 11 2013 | |||||||||
| ||||||||||
Revision 4-23 | Tue Sep 10 2013 | |||||||||
| ||||||||||
Revision 4-22 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-21 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-20 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-19 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-18 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-17 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-16 | Mon Sep 9 2013 | |||||||||
| ||||||||||
Revision 4-15 | Sun Sep 8 2013 | |||||||||
| ||||||||||
Revision 4-14 | Sun Sep 8 2013 | |||||||||
| ||||||||||
Revision 4-13 | Fri Sep 6 2013 | |||||||||
| ||||||||||
Revision 4-12 | Thu Aug 29 2013 | |||||||||
| ||||||||||
Revision 4-11 | Tue Aug 27 2013 | |||||||||
| ||||||||||
Revision 4-10 | Wed Aug 21 2013 | |||||||||
| ||||||||||
Revision 4-9 | Tue Aug 20 2013 | |||||||||
| ||||||||||
Revision 4-8 | Sun Jul 28 2013 | |||||||||
| ||||||||||
Revision 4-7 | Sun Jul 28 2013 | |||||||||
| ||||||||||
Revision 4-6 | Sun Jul 28 2013 | |||||||||
| ||||||||||
Revision 4-5 | Wed Jul 24 2013 | |||||||||
| ||||||||||
Revision 4-4 | Tue Jul 23 2013 | |||||||||
| ||||||||||
Revision 4-3 | Fri Jul 19 2013 | |||||||||
| ||||||||||
Revision 4-2 | Fri Jul 12 2013 | |||||||||
| ||||||||||
Revision 4-1 | Thu Jul 11 2013 | |||||||||
| ||||||||||
Revision 4-0 | Fri Jul 5 2013 | |||||||||
| ||||||||||
Revision 3-19 | Wed Jan 2 2013 | |||||||||
| ||||||||||
Revision 3-18 | Thu Sept 27 2012 | |||||||||
| ||||||||||
Revision 3-17 | Wed Sept 19 2012 | |||||||||
| ||||||||||
Revision 3-16 | Thu Aug 22 2012 | |||||||||
| ||||||||||
Revision 3-15 | Thu Aug 22 2012 | |||||||||
| ||||||||||
Revision 3-14 | Wed Aug 21 2012 | |||||||||
| ||||||||||
Revision 3-13 | Tue Aug 21 2012 | |||||||||
| ||||||||||
Revision 3-12 | Tue Aug 21 2012 | |||||||||
| ||||||||||
Revision 3-11 | Tue Aug 21 2012 | |||||||||
| ||||||||||
Revision 3-10 | Tue Aug 21 2012 | |||||||||
| ||||||||||
Revision 3-9 | Tue Aug 21 2012 | |||||||||
| ||||||||||
Revision 3-8 | Mon Aug 20 2012 | |||||||||
| ||||||||||
Revision 3-7 | Mon Aug 20 2012 | |||||||||
| ||||||||||
Revision 3-6 | Mon Aug 13 2012 | |||||||||
| ||||||||||
Revision 3-5 | Mon Aug 13 2012 | |||||||||
| ||||||||||
Revision 3-4 | Mon Aug 06 2012 | |||||||||
| ||||||||||
Revision 3-2 | Mon Aug 06 2012 | |||||||||
| ||||||||||
Revision 3-1 | Wed Jul 11 2012 | |||||||||
| ||||||||||
Revision 3-0 | Tue May 22 2012 | |||||||||
| ||||||||||
Revision 2-8 | Wed Jan 4 2012 | |||||||||
| ||||||||||
Revision 2-7 | Wed Jan 4 2012 | |||||||||
| ||||||||||
Revision 2-6 | Wed Oct 26 2011 | |||||||||
| ||||||||||
Revision 2-5 | Mon Aug 15 2011 | |||||||||
| ||||||||||
Revision 2-4 | Wed Jul 6 2011 | |||||||||
| ||||||||||
Revision 2-3 | Wed Jun 22 2011 | |||||||||
| ||||||||||
Revision 2-2 | Wed Jun 15 2011 | |||||||||
| ||||||||||
Revision 2-1 | Fri May 27 2011 | |||||||||
| ||||||||||
Revision 2-0 | Fri May 6 2011 | |||||||||
| ||||||||||
Revision 1-36 | Tue May 3 2011 | |||||||||
| ||||||||||
Revision 1-35 | Wed April 27 2011 | |||||||||
| ||||||||||
Revision 1-34 | Wed April 13 2011 | |||||||||
| ||||||||||
Revision 1-33 | Tue Feb 8 2011 | |||||||||
| ||||||||||
Revision 1-32 | Mon Feb 7 2011 | |||||||||
| ||||||||||
Revision 1-31 | Mon Feb 7 2011 | |||||||||
| ||||||||||
Revision 1-30 | Mon Jan 31 2011 | |||||||||
|