5.4.3. Configuring Servers for Enhanced Entitlements Reporting

Procedure 5.2. To Configure Servers for Enhanced Entitlements Reporting

1. Access the terminal on your SAM server using root permissions.
2. Generate an SSH key pair on the SAM server:

   [root@sam13] # su - splice -s /bin/sh -c 'ssh-keygen -t rsa -f /var/lib/splice/id_rsa-sat -N ""'
   

   Copy to Clipboard Toggle word wrap
   Make a note of the content of the public key file:

   [root@sam13] # cat /var/lib/splice/id_rsa-sat.pub
   

   Copy to Clipboard Toggle word wrap
3. Access the terminal on your Satellite 5 server using root permissions.
4. Create a new swreport user on the Satellite 5 machine and provide the user with a .ssh directory.

   [root@sat56] # useradd swreport
   [root@sat56] # mkdir /home/swreport/.ssh
   

   Copy to Clipboard Toggle word wrap
5. Append the /home/swreport/.ssh/authorized_keys file with the contents of the /var/lib/splice/id_rsa-sat.pub file on your chosen Subscription Management Application.
6. Prepend the SAM public key content in /home/swreport/.ssh/authorized_keys with the following:

   command="/usr/bin/spacewalk-report $SSH_ORIGINAL_COMMAND"
   

   Copy to Clipboard Toggle word wrap
   This ensures the swreport user only uses the spacewalk-report command.
7. Set permissions and the SELinux content on the .ssh directory and authorized_keys file for the swreport user.

   [root@sat56] # chown -R swreport:swreport /home/swreport/.ssh
   [root@sat56] # chmod 700 /home/swreport/.ssh
   [root@sat56] # chmod 600 /home/swreport/.ssh/authorized_keys
   [root@sat56] # restorecon -R /home/swreport/.ssh
   

   Copy to Clipboard Toggle word wrap
8. The swreport user requires permissions to read rhn.conf and connect to the database. Add this user to the apache group.

   [root@sat56] # gpasswd -a swreport apache
   

   Copy to Clipboard Toggle word wrap
9. Test your connection. Switch to the Subscription Asset Manager server and run the following command:

   [root@sam13] # su - splice -s /bin/bash
   [splice@sam13] # ssh -i /var/lib/splice/id_rsa-sat swreport@sat56-hostname splice-export
   

   Copy to Clipboard Toggle word wrap
   Substitute sat56-hostname for the hostname of the Subscription Asset Manager server.

   Important

   This command is required to accept the Satelite 5 server's fingerprint.
10. Edit the /etc/splice/checkin.conf on the Subscription Asset Manager server.

    [root@sam13] # vi /etc/splice/checkin.conf
    

    Copy to Clipboard Toggle word wrap
11. Edit the following sections:

    [spacewalk]
    host=hostname
    ssh_key_path=/var/lib/splice/id_rsa-sat
    login=swreport
    
    [katello]
    hostname=localhost
    port=443
    proto=https
    api_url=/sam
    admin_user=admin
    admin_pass=password

    Copy to Clipboard Toggle word wrap
    Substitute hostname for the hostname of the Satellite 5 server and password for your SAM administration password. Enter the location of the SAM SSH key for the ssh_key_path parameter. Save your changes.
12. Run spacewalk-splice-checkin tool as the splice user to generate organizations from the Satellite 5 server.

    [root@sam13] # su - splice -s /bin/bash
    [splice@sam13] $ spacewalk-splice-checkin
    

    Copy to Clipboard Toggle word wrap