Red Hat Satellite provides system-level support and management of Red Hat Systems and networks of systems. This chapter will discuss systems and how to organize these systems into functional groups inside the organization for effective management.
Systems are client machines that requests package updates from Red Hat Satellite. These systems can be physical machines or virtualized systems that have been configured to register and receive updates from the Satellite. Registering systems to Satellite is an important step, as the client system will, by default, register to Red Hat Network, instead of the organization's Satellite. For information about how to register, see the relevant chapter on registering clients to the Satellite server in the Red Hat Satellite Client Configuration Guide.
Red Hat Network provides a tool that automates much of the manual reconfiguration for registering systems, this tool is called Red Hat Network Bootstrap. Red Hat Network Bootstrap plays an integral role in the Red Hat Satellite Server Installation Program, enabling generation of the bootstrap script during installation.
Red Hat Satellite Proxy Server administrators and administrators with updated Satellite settings require a bootstrap tool that can be used independently. Red Hat Network Bootstrap, invoked with the command /usr/bin/rhn-bootstrap, serves that purpose and comes installed by default on both Red Hat Satellite Server and Red Hat Satellite Proxy Server.
If used correctly, the script this tool generates can be run from any client system to conduct the following tasks:
Redirect client applications to the Red Hat Satellite Proxy or Satellite
Import custom GPG keys
Install SSL certificates
Register the system to Red Hat Network and particular system groups and channels with the help of activation keys
Perform miscellaneous post-configuration activities, including updating packages, performing reboots, and altering Red Hat Network configuration
Warning
There are inherent risks to using a script to conduct configuration. Security tools such as SSL certificates are installed by the script itself; therefore they do not yet exist on the systems and cannot be used to process transactions. This allows for the possibility of someone impersonating the Satellite and transmitting bad data. This is mitigated by the fact that virtually all Satellites and client systems operate behind customer firewalls and are restricted from outside traffic. Registration is conducted via SSL and is therefore protected.
The bootstrap script bootstrap.sh is automatically placed in the /var/www/html/pub/bootstrap/ directory of the Red Hat Network Server. From there it can be downloaded and run on all client systems. Note that some preparation and post-generation editing is required, as identified in the following sections. See Section 4.1.1.4, “Configuring Red Hat Network Bootstrap Options” for the tool's complete list of options. Finally, see Section 4.1.1.7, “Sample Bootstrap Script” for an example script.
Since Red Hat Network Bootstrap (rhn-bootstrap) depends on other components of the Red Hat Network infrastructure to properly configure client systems, those components must be prepared before script generation. The following list identifies initial measures:
Generate activation keys to be called by the script(s). Activation keys can be used to register Red Hat Enterprise Linux systems, entitle them to an Red Hat Network service level, and subscribe them to specific channels and system groups, all in one action. Note that the organizational account must have Management entitlements available to use an activation key, while inclusion of multiple activation keys at once requires Provisioning entitlements. Generate activation keys through the Activation Keys page within the Systems category of the Red Hat Satellite website (either the central Red Hat Network Servers for Proxy or the fully qualified domain name of the Satellite).
Red Hat recommends RPMs be signed by a custom GNU Privacy Guard (GPG) key. Make the key available so that it can be referred to from the script. Generate the key as described in the Red Hat Satellite Reference Guide and place the key in the /var/www/html/pub/ directory of the Red Hat Satellite Server. See the Importing Custom GPG Keys section in the Red Hat Satellite Reference Guide.
To deploy the CA SSL public certificate through the script, have the certificate or the package (RPM) containing that certificate available on that Red Hat Network Server and include it during script generation with the --ssl-cert option. See the SSL Infrastructure section of the Client Configuration Guide for details.
Have the values ready to develop one or many bootstrap scripts, depending on the variety of systems to be reconfigured. Since Red Hat Network Bootstrap provides a full set of reconfiguration options, use it to generate different bootstrap scripts to accommodate each type of system. For instance, bootstrap-web-servers.sh might be used to reconfigure the Web servers, while bootstrap-app-servers.sh can handle the application servers. See Section 4.1.1.4, “Configuring Red Hat Network Bootstrap Options” for the complete list.
Now that all of the necessary components are in place, use Red Hat Network Bootstrap to generate the required scripts. Log into your Red Hat Satellite Server or Red Hat Satellite Proxy Server as root and issue the rhn-bootstrap command followed by the desired options and values. If no options are included, a bootstrap.sh file is created in the bootstrap/ subdirectory that contains the essential values derived from the server, including hostname, the SSL certificate, it if exists, SSL and GPG settings, and a call for the client-config-overrides.txt file.
At a minimum, Red Hat strongly recommends the scripts also accommodate activation keys, GPG keys, and advanced configuration options in the following manner:
Use the --gpg-key option to identify the key path and filename during script generation. Otherwise, use the --no-gpg option to turn off this verification on client systems. Red Hat recommends retaining this security measure.
Include the --allow-config-actions flag to enable remote configuration management on all client systems touched by the script. This feature is useful in reconfiguring multiple systems simultaneously.
Include the --allow-remote-commands flag to enable remote script use on all client systems. Like configuration management, this feature aids in reconfiguring multiple systems.
When done, the command will look something like this:
Once the script has been prepared for use, it is now ready to be run. Log into the Red Hat Satellite Server or Red Hat Satellite Proxy Server, navigate to the /var/www/html/pub/bootstrap/ directory and run the following command, altering the hostname and name of the script as needed to suit the system type:
Copy to ClipboardCopied!Toggle word wrapToggle overflow
A less secure alternative is to use either wget or curl to retrieve and run the script from every client system. Log into each client machine and issue the following command, altering script and hostname accordingly:
The Red Hat Network Bootstrap offers many command line options for creating client bootstrap scripts. Although descriptions of these options can be found within the following table, ensure that they are available in the version of the tool installed on the Red Hat Network Server by issuing the command rhn-bootstrap --help or reviewing its man page.
Expand
Table 4.1. Red Hat Network Bootstrap Options
Option
Description
-h, --help
Display the help screen with a list of options specific to generating the bootstrap script.
--activation-keys=ACTIVATION_KEYS
Activation key(s) with multiple entries separated by a comma and no space.
--overrides=OVERRIDES
Configuration overrides filename. The default is client-config-overrides.txt.
--script=SCRIPT
The bootstrap script filename. The default is bootstrap.sh.
--hostname=HOSTNAME
The fully qualified domain name (FQDN) of the server to which client systems will connect.
--ssl-cert=SSL_CERT
The path to the organization's public SSL certificate, either a package or a raw certificate. It will be copied to the --pub-tree option. A value of "" will force a search of --pub-tree.
--gpg-key=GPG_KEY
The path to the organization's public GPG key, if used. It will be copied to the location specified by the --pub-tree option.
--http-proxy=HTTP_PROXY
The HTTP proxy setting for the client systems in the form hostname:port. A value of "" disables this setting.
--http-proxy-username=HTTP_PROXY_USERNAME
If using an authenticating HTTP proxy, specify a username. A value of "" disables this setting.
--http-proxy-password=HTTP_PROXY_PASSWORD
If using an authenticating HTTP proxy, specify a password.
--allow-config-actions
Boolean; including this option sets the system to allow all configuration actions via Red Hat Network. This requires installing certain rhncfg-* packages, possibly through an activation key.
--allow-remote-commands
Boolean; including this option sets the system to allow arbitrary remote commands via Red Hat Network. This requires installing certain rhncfg-* packages, possibly through an activation key.
--no-ssl
Not recommended - Boolean; including this option turns SSL off on the client system.
--no-gpg
Not recommended - Boolean; including this option turns GPG checking off on the client system.
--pub-tree=PUB_TREE
Change not recommended - The public directory tree where the CA SSL certificate and package will land; the bootstrap directory and scripts. The default is /var/www/html/pub/.
--force
Not recommended - Boolean; including this option forces bootstrap script generation despite warnings.
Note that this section provides an alternative to using Red Hat Network Bootstrap to generate the bootstrap script. Below are instructions that should assist in creating a bootstrap script from scratch.
All of the initial techniques have shared a common theme: the deployment of necessary files in a centralized location to be retrieved and installed using simple, scriptable commands run on each client. In this section, we explore putting all of these pieces together to create a single script that can be invoked by any system in your organization.
By combining all of the commands learned in the previous section and putting them in the most sensible order, we are able to produce the script below:
Reconfigure the clients to talk to the correct server.
Install the SSL client certificate for your company's
Red Hat Satellite Server or Red Hat Network Proxy Server.
Reconfigure the clients to use the new SSL certificate.
Download the GPG key needed to validate custom packages.
Import that GPG key to your GPG keyring.
# Reconfigure the clients to talk to the correct server.
perl -p -i -e 's/s/www\.rhns\.redhat\.com/proxy-or-sat\.example\.com/g' \
/etc/sysconfig/rhn/rhn_register \
/etc/sysconfig/rhn/up2date
# Install the SSL client certificate for your company's
# Red Hat Satellite Server or Red Hat Network Proxy Server.
rpm -Uvh http://proxy-or-sat.example.com/pub/rhn-org-trusted-ssl-cert-*.noarch.rpm
# Reconfigure the clients to use the new SSL certificate.
perl -p -i -e 's/^sslCA/#sslCA/g;' \
/etc/sysconfig/rhn/up2date /etc/sysconfig/rhn/rhn_register
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
>> /etc/sysconfig/rhn/up2date
echo "sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" \
>> /etc/sysconfig/rhn/rhn_register
# Download the GPG key needed to validate custom packages.
wget -O - -q http://proxy-or-sat.example.com.com/pub/YOUR-RPM-GPG-KEY
# Import that GPG key to your GPG keyring.
rpm --import /path/to/YOUR-RPM-GPG-KEY
Copy to ClipboardCopied!Toggle word wrapToggle overflow
This script comprises a clean and repeatable process that should fully configure any potential Red Hat Satellite client in preparation for registration to a Red Hat Satellite Proxy Server or Red Hat Satellite. Remember, key values, such as the URL of the Red Hat Satellite Server, its public directory, and the actual GPG key must be inserted into the placeholders listed within the script. Also, depending on the environment, additional modifications may be required. Although this script may work nearly verbatim, it should be used as a guide.
Like its components, this script may be centrally located. By placing this script in the /pub/ directory of the server, running wget -O- on it, and piping the output to a shell session, the entire bootstrap process can be run with a single command from each client:
Copy to ClipboardCopied!Toggle word wrapToggle overflow
Warning
Running a shell script directly from input piped in over a Web connection obviously has some inherent security risks. Therefore, it is vital to ensure the security of the source server in this instance.
This one-line command may then be invoked across all of the systems on a network. This script may also be a good addition to the %post section of an existing kickstart script.
The best time to make configuration changes to a system is when that system is first being built. For customers who already use kickstart effectively, the bootstrapping script is an ideal addition to that process.
Once all of the configuration issues have been resolved, a system may also register with the local Red Hat Network Servers using the rhnreg_ks utility that comes with the rhn-setup RPMs. This section discusses the proper use of rhnreg_ks to register systems.
The rhnreg_ks utility uses activation keys to register, entitle, and subscribe systems to specified channels in one swift motion. To find out more about activation keys, see the Red Hat Update Agent and Red Hat Network Website sections of the Red Hat Network Management Reference Guide.
The following commented kickstart file is an ideal example of how a system can be configured from start to finish using Red Hat Satellite.
Generic 7.2 kickstart for laptops in the Widget Corporation (widgetco)
Standard kickstart options for a network-based install. For an
explanation of these options, consult the Red Hat Enterprize Linux
Customization Guide.
Define a standard set of packages. Note: Red Hat Network client
packages are found in the Base channel. This is quite a minimal
set of packages
Use the one-line command for the bootstrap script. Assuming that the
script has been properly configured, it should prepare the system
fully for usage of local Red Hat Network Servers.
The following is an example of rhnreg_ks usage, the kickstart
utility for rhn_register. This demonstrates the usage of the
--activationkey flag, which describes an activation key. For example,
this activation key could be set up in the Web interface to join this
system to the "Laptops" group and the local "Laptop Software"
channel. Note that this section applies only to Proxy server users, as
this step is handled by the Satellite bootstrap script.
For more information about activation keys, consult the Red Hat Network
Management Reference Guide.
End the subshell and capture any output to a post-install log file.
# Generic 7.2 kickstart for laptops in the Widget Corporation (widgetco)
# Standard kickstart options for a network-based install. For an
# explanation of these options, consult the Red Hat Enterprize Linux
# Customization Guide.
lang en_US
langsupport --default en_US en_US
keyboard defkeymap
network --bootproto dhcp
install
url --url ftp://ftp.widgetco.com/pub/redhat/linux/7.2/en/os/i386
zerombr yes
clearpart --all
part /boot --size 128 --fstype ext3 --ondisk hda
part / --size 2048 --grow --fstype ext3 --ondisk hda
part /backup --size 1024 --fstype ext3 --ondisk hda
part swap --size 512 --ondisk hda
bootloader --location mbr
timezone America/New_York
rootpw --iscrypted $1$78Jnap82Hnd0PsjnC8j3sd2Lna/Hx4.
auth --useshadow --enablemd5 --krb5realm .COM --krb5kdc auth.widgetco.com \
--krb5adminserver auth.widgetco.com
mouse --emulthree genericps/2
xconfig --card "S3 Savage/MX" --videoram 8192 --resolution 1024x768 \
--depth 16 --defaultdesktop=GNOME --startxonboot --noprobe \
--hsync 31.5-48.5 --vsync 40-70
reboot
# Define a standard set of packages. Note: Red Hat Network client
# packages are found in the Base channel. This is quite a minimal
# set of packages
%packages
@ Base
@ Utilities
@ GNOME
@ Laptop Support
@ Dialup Support
@ Software Development
@ Graphics and Image Manipulation
@ Games and Entertainment
@ Sound and Multimedia Support
%post
( # Note that we run the entire %post section as a subshell for logging.
# Use the one-line command for the bootstrap script. Assuming that the
# script has been properly configured, it should prepare the system
# fully for usage of local Red Hat Network Servers.
wget -O- http://proxy-or-sat.example.com/pub/bootstrap_script | /bin/bash
# The following is an example of rhnreg_ks usage, the kickstart
# utility for rhn_register. This demonstrates the usage of the
# --activationkey flag, which describes an activation key. For example,
# this activation key could be set up in the Web interface to join this
# system to the "Laptops" group and the local "Laptop Software"
# channel. Note that this section applies only to Proxy server users, as
# this step is handled by the Satellite bootstrap script.
#
# For more information about activation keys, consult the Red Hat Network
# Management Reference Guide.
/usr/sbin/rhnreg_ks --activationkey=6c933ea74b9b002f3ac7eb99619d3374
# End the subshell and capture any output to a post-install log file.
) 1>/root/post_install.log 2>&1
Copy to ClipboardCopied!Toggle word wrapToggle overflow
The /var/www/html/pub/bootstrap/bootstrap.sh script generated by the Red Hat Satellite Server installation program provides the ability to reconfigure client systems to access the Red Hat Satellite Server easily. It is available to both Red Hat Satellite Server and Red Hat Satellite Proxy Server customers through the RHN Bootstrap tool. After modifying the script for a particular use, it can be run on each client machine.
Review the sample and its comments, beginning with a hash mark (#), for additional details. Follow the steps in the Getting Started Guide to prepare the script for use.
This file was autogenerated. Minor manual editing of this script (and
possibly the client-config-overrides.txt file) may be necessary to complete
the bootstrap setup. Once customized, the bootstrap script can be triggered
in one of two ways (the first is preferred):
(1) centrally, from the RHN Satellite Server via ssh (i.e., from the
RHN Satellite Server):
cd /var/www/html/pub/bootstrap/
cat bootstrap-<edited_name>.sh | ssh root@<client-hostname> /bin/bash
...or...
(2) in a decentralized manner, executed on each client, via wget or curl:
wget -qO- https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash
...or...
curl -Sks https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash
SECURITY NOTE:
Use of these scripts via the two methods discussed is the most expedient
way to register machines to your RHN Satellite Server. Since "wget" is used
throughout the script to download various files, a "Man-in-the-middle"
attack is theoretically possible.
The actual registration process is performed securely via SSL, so the risk
is minimized in a sense. This message merely serves as a warning.
Administrators need to appropriately weigh their concern against the
relative security of their internal network.
PROVISIONING/KICKSTART NOTE:
If provisioning a client, ensure the proper CA SSL public certificate is
configured properly in the post section of your kickstart profiles (the
RHN Satellite or hosted web user interface).
UP2DATE/RHN_REGISTER VERSIONING NOTE:
This script will not work with very old versions of up2date and
rhn_register.
can be edited, but probably correct (unless created during initial install):
NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
can be edited, but probably correct:
Set if you want to specify profilename for client systems.
NOTE: Make sure it's set correctly if any external command is used.
ex. PROFILENAME="foo.example.com" # For specific client system
PROFILENAME=`hostname -s` # Short hostname
PROFILENAME=`hostname -f` # FQDN
-----------------------------------------------------------------------------
DO NOT EDIT BEYOND THIS POINT -----------------------------------------------
-----------------------------------------------------------------------------
an idea from Erich Morisse (of Red Hat).
use either wget *or* curl
Also check to see if the version on the
machine supports the insecure mode and format
command accordingly.
Should have created an activation key or keys on the RHN Satellite Server's
website and edited the value of ACTIVATION_KEYS above.
If you require use of several different activation keys, copy this file and
change the string as needed.
#!/bin/bash
echo "Red Hat Satellite Server Client bootstrap script v4.0"
# This file was autogenerated. Minor manual editing of this script (and
# possibly the client-config-overrides.txt file) may be necessary to complete
# the bootstrap setup. Once customized, the bootstrap script can be triggered
# in one of two ways (the first is preferred):
#
# (1) centrally, from the RHN Satellite Server via ssh (i.e., from the
# RHN Satellite Server):
# cd /var/www/html/pub/bootstrap/
# cat bootstrap-<edited_name>.sh | ssh root@<client-hostname> /bin/bash
#
# ...or...
#
# (2) in a decentralized manner, executed on each client, via wget or curl:
# wget -qO- https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash
# ...or...
# curl -Sks https://<hostname>/pub/bootstrap/bootstrap-<edited_name>.sh | /bin/bash
# SECURITY NOTE:
# Use of these scripts via the two methods discussed is the most expedient
# way to register machines to your RHN Satellite Server. Since "wget" is used
# throughout the script to download various files, a "Man-in-the-middle"
# attack is theoretically possible.
#
# The actual registration process is performed securely via SSL, so the risk
# is minimized in a sense. This message merely serves as a warning.
# Administrators need to appropriately weigh their concern against the
# relative security of their internal network.
# PROVISIONING/KICKSTART NOTE:
# If provisioning a client, ensure the proper CA SSL public certificate is
# configured properly in the post section of your kickstart profiles (the
# RHN Satellite or hosted web user interface).
# UP2DATE/RHN_REGISTER VERSIONING NOTE:
# This script will not work with very old versions of up2date and
# rhn_register.
echo
echo
echo "MINOR MANUAL EDITING OF THIS FILE MAY BE REQUIRED!"
echo
echo "If this bootstrap script was created during the initial installation"
echo "of an RHN Satellite, the ACTIVATION_KEYS, and ORG_GPG_KEY values will"
echo "probably *not* be set (see below). If this is the case, please do the"
echo "following:"
echo " - copy this file to a name specific to its use."
echo " (e.g., to bootstrap-SOME_NAME.sh - like bootstrap-web-servers.sh.)"
echo " - on the website create an activation key or keys for the system(s) to"
echo " be registered."
echo " - edit the values of the VARIABLES below (in this script) as"
echo " appropriate:"
echo " - ACTIVATION_KEYS needs to reflect the activation key(s) value(s)"
echo " from the website. XKEY or XKEY,YKEY"
echo " - ORG_GPG_KEY needs to be set to the name(s) of the corporate public"
echo " GPG key filename(s) (residing in /var/www/html/pub) if appropriate. XKEY or XKEY,YKEY"
echo
echo "Verify that the script variable settings are correct:"
echo " - CLIENT_OVERRIDES should be only set differently if a customized"
echo " client-config-overrides-VER.txt file was created with a different"
echo " name."
echo " - ensure the value of HOSTNAME is correct."
echo " - ensure the value of ORG_CA_CERT is correct."
echo
echo "Enable this script: comment (with #'s) this block (or, at least just"
echo "the exit below)"
echo
exit 1
# can be edited, but probably correct (unless created during initial install):
# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
ACTIVATION_KEYS=
ORG_GPG_KEY=
# can be edited, but probably correct:
CLIENT_OVERRIDES=client-config-overrides.txt
HOSTNAME=yoursatellite.hostname.com
ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT
ORG_CA_CERT_IS_RPM_YN=0
USING_SSL=1
USING_GPG=1
REGISTER_THIS_BOX=1
ALLOW_CONFIG_ACTIONS=1
ALLOW_REMOTE_COMMANDS=1
FULLY_UPDATE_THIS_BOX=1
# Set if you want to specify profilename for client systems.
# NOTE: Make sure it's set correctly if any external command is used.
#
# ex. PROFILENAME="foo.example.com" # For specific client system
# PROFILENAME=`hostname -s` # Short hostname
# PROFILENAME=`hostname -f` # FQDN
PROFILENAME="" # Empty by default to let it be set automatically.
#
# -----------------------------------------------------------------------------
# DO NOT EDIT BEYOND THIS POINT -----------------------------------------------
# -----------------------------------------------------------------------------
#
# an idea from Erich Morisse (of Red Hat).
# use either wget *or* curl
# Also check to see if the version on the
# machine supports the insecure mode and format
# command accordingly.
if [ -x /usr/bin/wget ] ; then
output=`LANG=en_US /usr/bin/wget --no-check-certificate 2>&1`
error=`echo $output | grep "unrecognized option"`
if [ -z "$error" ] ; then
FETCH="/usr/bin/wget -q -r -nd --no-check-certificate"
else
FETCH="/usr/bin/wget -q -r -nd"
fi
else
if [ -x /usr/bin/curl ] ; then
output=`LANG=en_US /usr/bin/curl -k 2>>&1`
error=`echo $output | grep "is unknown"`
if [ -z "$error" ] ; then
FETCH="/usr/bin/curl -SksO"
else
FETCH="/usr/bin/curl -SsO"
fi
fi
fi
HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub
HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub
if [ $USING_SSL -eq 0 ] ; then
HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY}
fi
INSTALLER=up2date
if [ -x /usr/bin/zypper ] ; then
INSTALLER=zypper
elif [ -x /usr/bin/yum ] ; then
INSTALLER=yum
fi
echo
echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES"
echo "-------------------------------------------------"
echo "* downloading necessary files"
echo " client_config_update.py..."
rm -f client_config_update.py
$FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/client_config_update.py
echo " ${CLIENT_OVERRIDES}..."
rm -f ${CLIENT_OVERRIDES}
$FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES}
if [ ! -f "client_config_update.py" ] ; then
echo "ERROR: client_config_update.py was not downloaded"
exit 1
fi
if [ ! -f "${CLIENT_OVERRIDES}" ] ; then
echo "ERROR: ${CLIENT_OVERRIDES} was not downloaded"
exit 1
fi
echo "* running the update scripts"
if [ -f "/etc/sysconfig/rhn/rhn_register" ] ; then
echo " . rhn_register config file"
/usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/rhn_register ${CLIENT_OVERRIDES}
fi
echo " . up2date config file"
/usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/up2date ${CLIENT_OVERRIDES}
if [ ! -z "$ORG_GPG_KEY" ] ; then
echo
echo "* importing organizational GPG key"
for GPG_KEY in $(echo "$ORG_GPG_KEY" | tr "," " "); do
rm -f ${GPG_KEY}
$FETCH ${HTTPS_PUB_DIRECTORY}/${GPG_KEY}
# get the major version of up2date
# this will also work for RHEL 5 and systems where no up2date is installed
res=$(LC_ALL=C rpm -q --queryformat '%{version}' up2date | sed -e 's/\..*//g')
if [ "x$res" == "x2" ] ; then
gpg $(up2date --gpg-flags) --import $GPG_KEY
else
rpm --import $GPG_KEY
fi
done
fi
echo
echo "* attempting to install corporate public CA cert"
if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then
rpm -Uvh --force --replacefiles --replacepkgs ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT}
else
rm -f ${ORG_CA_CERT}
$FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT}
mv ${ORG_CA_CERT} /usr/share/rhn/
fi
if [ "$INSTALLER" == zypper ] ; then
if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then
# get name from config
ORG_CA_CERT=$(basename $(sed -n 's/^sslCACert *= *//p' /etc/sysconfig/rhn/up2date))
fi
test -e "/etc/ssl/certs/${ORG_CA_CERT}.pem" || {
test -d "/etc/ssl/certs" || mkdir -p "/etc/ssl/certs"
ln -s "/usr/share/rhn/${ORG_CA_CERT}" "/etc/ssl/certs/${ORG_CA_CERT}.pem"
}
test -x /usr/bin/c_rehash && /usr/bin/c_rehash /etc/ssl/certs/ | grep "${ORG_CA_CERT}"
fi
echo
echo "REGISTRATION"
echo "------------"
# Should have created an activation key or keys on the RHN Satellite Server's
# website and edited the value of ACTIVATION_KEYS above.
#
# If you require use of several different activation keys, copy this file and
# change the string as needed.
#
if [ -z "$ACTIVATION_KEYS" ] ; then
echo "*** ERROR: in order to bootstrap RHN clients, an activation key or keys"
echo " must be created in the RHN web user interface, and the"
echo " corresponding key or keys string (XKEY,YKEY,...) must be mapped to"
echo " the ACTIVATION_KEYS variable of this script."
exit 1
fi
if [ $REGISTER_THIS_BOX -eq 1 ] ; then
echo "* registering"
files=""
directories=""
if [ $ALLOW_CONFIG_ACTIONS -eq 1 ] ; then
for i in "/etc/sysconfig/rhn/allowed-actions /etc/sysconfig/rhn/allowed-actions/configfiles"; do
[ -d "$i" ] || (mkdir -p $i && directories="$directories $i")
done
[ -f /etc/sysconfig/rhn/allowed-actions/configfiles/all ] || files="$files /etc/sysconfig/rhn/allowed-actions/configfiles/all"
[ -n "$files" ] && touch $files
fi
if [ -z "$PROFILENAME" ] ; then
profilename_opt=""
else
profilename_opt="--profilename=$PROFILENAME"
fi
/usr/sbin/rhnreg_ks --force --activationkey "$ACTIVATION_KEYS" $profilename_opt
RET="$?"
[ -n "$files" ] && rm -f $files
[ -n "$directories" ] && rmdir $directories
if [ $RET -eq 0 ]; then
echo
echo "*** this system should now be registered, please verify ***"
echo
else
echo
echo "*** Error: Registering the system failed."
echo
exit 1
fi
else
echo "* explicitly not registering"
fi
if [ $ALLOW_CONFIG_ACTIONS -eq 1 ] ; then
echo
echo "* setting permissions to allow configuration management"
echo " NOTE: use an activation key to subscribe to the tools"
if [ "$INSTALLER" == zypper ] ; then
echo " channel and zypper install/update rhncfg-actions"
elif [ "$INSTALLER" == yum ] ; then
echo " channel and yum upgrade rhncfg-actions"
else
echo " channel and up2date rhncfg-actions"
fi
if [ -x "/usr/bin/rhn-actions-control" ] ; then
rhn-actions-control --enable-all
rhn-actions-control --disable-run
else
echo "Error setting permissions for configuration management."
echo " Please ensure that the activation key subscribes the"
if [ "$INSTALLER" == zypper ] ; then
echo " system to the tools channel and zypper install/update rhncfg-actions."
elif [ "$INSTALLER" == yum ] ; then
echo " system to the tools channel and yum updates rhncfg-actions."
else
echo " system to the tools channel and up2dates rhncfg-actions."
fi
exit
fi
fi
if [ $ALLOW_REMOTE_COMMANDS -eq 1 ] ; then
echo
echo "* setting permissions to allow remote commands"
echo " NOTE: use an activation key to subscribe to the tools"
if [ "$INSTALLER" == zypper ] ; then
echo " channel and zypper update rhncfg-actions"
elif [ "$INSTALLER" == yum ] ; then
echo " channel and yum upgrade rhncfg-actions"
else
echo " channel and up2date rhncfg-actions"
fi
if [ -x "/usr/bin/rhn-actions-control" ] ; then
rhn-actions-control --enable-run
else
echo "Error setting permissions for remote commands."
echo " Please ensure that the activation key subscribes the"
if [ "$INSTALLER" == zypper ] ; then
echo " system to the tools channel and zypper updates rhncfg-actions."
elif [ "$INSTALLER" == yum ] ; then
echo " system to the tools channel and yum updates rhncfg-actions."
else
echo " system to the tools channel and up2dates rhncfg-actions."
fi
exit
fi
fi
echo
echo "OTHER ACTIONS"
echo "------------------------------------------------------"
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
if [ "$INSTALLER" == zypper ] ; then
echo "zypper --non-interactive up zypper zypp-plugin-spacewalk; rhn-profile-sync; zypper --non-interactive up (conditional)"
elif [ "$INSTALLER" == yum ] ; then
echo "yum -y upgrade yum yum-rhn-plugin; rhn-profile-sync; yum upgrade (conditional)"
else
echo "up2date up2date; up2date -p; up2date -uf (conditional)"
fi
else
if [ "$INSTALLER" == zypper ] ; then
echo "zypper --non-interactive up zypper zypp-plugin-spacewalk; rhn-profile-sync"
elif [ "$INSTALLER" == yum ] ; then
echo "yum -y upgrade yum yum-rhn-plugin; rhn-profile-sync"
else
echo "up2date up2date; up2date -p"
fi
fi
echo "but any post configuration action can be added here. "
echo "------------------------------------------------------"
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
echo "* completely updating the box"
else
echo "* ensuring $INSTALLER itself is updated"
fi
if [ "$INSTALLER" == zypper ] ; then
zypper ref -s
zypper --non-interactive up zypper zypp-plugin-spacewalk
if [ -x /usr/sbin/rhn-profile-sync ] ; then
/usr/sbin/rhn-profile-sync
else
echo "Error updating system info in RHN Satellite."
echo " Please ensure that rhn-profile-sync in installed and rerun it."
fi
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
zypper --non-interactive up
fi
elif [ "$INSTALLER" == yum ] ; then
/usr/bin/yum -y upgrade yum yum-rhn-plugin
if [ -x /usr/sbin/rhn-profile-sync ] ; then
/usr/sbin/rhn-profile-sync
else
echo "Error updating system info in RHN Satellite."
echo " Please ensure that rhn-profile-sync in installed and rerun it."
fi
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
/usr/bin/yum -y upgrade
fi
else
/usr/sbin/up2date up2date
/usr/sbin/up2date -p
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
/usr/sbin/up2date -uf
fi
fi
echo "-bootstrap complete-"
Copy to ClipboardCopied!Toggle word wrapToggle overflow
Red Hat Summit
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}