[ale] RHEL and Satellite
Andrew Wade
andrewiwade at gmail.com
Mon Jul 25 13:44:28 EDT 2011
For Red Hat Satellite you need to know the following things:
On the local server (not satellite)
/etc/sysconfig/rhn/up2date -> You main client config for red hat satellite
serverURL[comment]=Remote server URL
serverURL=https://rhn.redhat.com/XMLRPC -> If you just want to register to
rhn.redhat.com && set the CERT accordingly
serverURL=https://disconnectedsatellite.your.domain/XMLRPC -> If you want
to register to your own hosted Red Hat Satellite serverURL
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT -> This cert comes from
your local satellite server when you generate its ssl key. You have to scp
it from your local satellite server over to this server
sslCACert=/usr/share/rhn/RHNS-CA-CERT -> This cert is the one that is
on rhn.redhat.com
So, when you run rhn_register, it'll go out to the satellite listed in
serverURL above then, check the sslCACert to make sure its the SSL cert for
that Satellite.
When you configure activation keys to autosubscripe server to a particular
custom channel, you use the syntax:
rhnreg_ks --activationkey=1-xxx --force
Also, fyi I scripted the entire registration process including creation of
my ssl cert for my local satellite:
(I simplified it to the below for the this thread)
#!/bin/bash
### Variables -> Need to be updated for rhel 3 servers ( esu1l011) and rhel
4 servers (esu1l298)
RHEL3_VER=`cat /etc/redhat-release | awk '{print $7}'`
RHEL3_Point=`cat /etc/redhat-release | awk '{print $10}' | cut -c 1`
RHEL_VER=$RHEL3_VER$RHEL3_Point
ARCH=`uname -a | awk '{ print $12 }'`
cp /etc/sysconfig/rhn/up2date /etc/sysconfig/rhn/up2date.bk
cp /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT.bk
## Remove old rhn.redhat.com entry if it exists
perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i
/etc/sysconfig/rhn/*
perl -npe 's/xmlrpc.rhn.redhat.com/mysatellite.my.domain/' -i
/etc/sysconfig/rhn/up2date
## Insert correct SSL Cert and GPG Key
cat > /tmp/gpg-key-1 <<'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----
xxxxxxxxxxxxxxxxxxx
-----END PGP PUBLIC KEY BLOCK-----
EOF
# gpg-key1
rpm --import /tmp/gpg-key-1
cat > /tmp/ssl-key-1 <<'EOF'
Certificate:
-----END CERTIFICATE-----
EOF
# ssl-key1
cat /tmp/ssl-key-1 > /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
if [ $RHEL_VER = 38 -a $ARCH = i686 ]
then
rhnreg_ks --activationkey=1-xxx --force
service rhnsd stop
chkconfig rhnsd off
fi
if [ $RHEL_VER = 45 -a $ARCH = x86_64 ]
then
rhnreg_ks --activationkey=1-xxx --force
service rhnsd stop
chkconfig rhnsd off
fi
if [ $RHEL_VER = 46 -a $ARCH = i686 ]
then
rhnreg_ks --activationkey=1-xxx --force
service rhnsd stop
chkconfig rhnsd off
fi
if [ $RHEL_VER = 46 -a $ARCH = x86_64 ]
then
rhnreg_ks --activationkey=1-xxx --force
service rhnsd stop
chkconfig rhnsd off
fi
if [ $RHEL_VER = 48 -a $ARCH = i686 ]
then
rhnreg_ks --activationkey=1-xxx --force
service rhnsd stop
chkconfig rhnsd off
fi
if [ $RHEL_VER = 48 -a $ARCH = x86_64 ]
then
rhnreg_ks --activationkey=1-xxx --force
service rhnsd stop
chkconfig rhnsd off
fi
if [ $RHEL_VER = 5.3 -a $ARCH = x86_64 ]
then
service yum-updatesd stop
chkconfig yum-updatesd off
rhnreg_ks --activationkey=1-xxx --force
fi
if [ $RHEL_VER = 5.4 -a $ARCH = x86_64 ]
then
service yum-updatesd stop
chkconfig yum-updatesd off
rhnreg_ks --activationkey=1-xxx --force
fi
if [ $RHEL_VER = 5.4 -a $ARCH = i686 ]
then
service yum-updatesd stop
chkconfig yum-updatesd off
rhnreg_ks --activationkey=1-xxx --force
fi
if [ $RHEL_VER = 5.6 -a $ARCH = x86_64 ]
then
service yum-updatesd stop
chkconfig yum-updatesd off
rhnreg_ks --activationkey=1-xxx --force
fi
if [ $RHEL_VER = 5.6 -a $ARCH = i686 ]
then
service yum-updatesd stop
chkconfig yum-updatesd off
rhnreg_ks --activationkey=1-xxx --force
fi
if [ $RHEL_VER = 6 -a $ARCH = x86_64 ]
then
service yum-updatesd stop
chkconfig yum-updatesd off
rhnreg_ks --activationkey=1-xxx --force
fi
On Mon, Jul 25, 2011 at 1:00 PM, Damon Chesser <dchesser at acsi2000.com>wrote:
> Yes, I don’t run the command up2date, but an xml file is there with that
> label, and that ties in what server/username/password you use to register
> with.****
>
> ** **
>
> At least if I move them out of the way (up2date and systemid), THEN I can
> register again. This is NOT the command up2date. Systemid seems to set
> parameters to run with (such as how often you will poll the server).****
>
> ** **
>
> This is RHEL 5+****
>
> ** **
>
> Damon Chesser****
>
> dchesser at acsi2000.com****
>
> damon at damtek.com****
>
> ** **
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of *Lightner,
> Jeff
> *Sent:* Monday, July 25, 2011 12:48 PM
>
> *To:* Atlanta Linux Enthusiasts
> *Subject:* Re: [ale] RHEL and Satellite****
>
> ** **
>
> You mentioned up2date. Please be aware that RHEL4 and earlier use up2date
> but RHEL5 and later use yum instead.****
>
> ** **
>
> ****
>
> ****
> ------------------------------
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of *Damon
> Chesser
> *Sent:* Monday, July 25, 2011 12:24 PM
> *To:* Atlanta Linux Enthusiasts
> *Subject:* Re: [ale] RHEL and Satellite****
>
> ** **
>
> Answering my own question:****
>
> ** **
>
> http://www.cyberciti.biz/faq/reregister-rhel-system-with-red-hat-network/*
> ***
>
> ** **
>
> e) Login to your system and delete */etc/sysconfig/rhn/systemid* file
> using rm command, enter:
> # rm /etc/sysconfig/rhn/systemid****
>
> f) Now register box with the update agent using *rhn_register*, enter:
> # rhn_register
> rhn_register is a client program that registers your system with Red Hat
> Network (or a Red Hat Network Satellite). After registering, your system can
> recieve software updates, install new software, and remotely manage your
> system. It can run both in graphical and text modes.****
>
> ** **
>
> ** **
>
> I was not googling correctly. I was looking for “registered with RH
> Satellite re-register with RHN” and such things but it hit me: “Can’t
> register with RHN”! Erueka! 2nd hit (first was blocked).****
>
> ** **
>
> Sincerely,****
>
> ** **
>
> Damon Chesser****
>
> SRP Linux/Red Hat Engineer****
>
> Core Integration Engineering****
>
> *Apex Computer Systems Inc.*
>
> Cell 404-271-8699****
>
> dchesser at acsi2000.com****
>
> ****
>
> ** **
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of *Damon
> Chesser
> *Sent:* Monday, July 25, 2011 12:18 PM
> *To:* Atlanta Linux Enthusiasts
> *Subject:* [ale] RHEL and Satellite****
>
> ** **
>
> I have a base install. We don’t have a Satellite server ready for
> production yet. A co-worker wanted to test the registration to the
> satellite and then they “would force a RHN” registration. That was Friday.
> Now it is Monday and I can’t seem to run any commands on the server to allow
> it to register with the RedHat Network. ****
>
> ** **
>
> ** **
>
> rhn_register --nox does not allow me to change the server. A manual I have
> says to run rhn_register --nox –configure, but of course –-configure is not
> a real option. I suppose I could move the /etc/sysconfig/rhn/up2date out of
> the way and see what happens but I am curious, what is the correct way to
> change this setting?****
>
> ** **
>
> Googleing so far turns up hits on how to register, how to drop a client
> (servers side) but I am not finding anything about the client side.****
>
> ** **
>
> ** **
>
> ** **
>
> Damon Chesser****
>
> dchesser at acsi2000.com****
>
> damon at damtek.com****
>
> ** **
>
> ** **
> ------------------------------
>
> Disclaimer: This electronic transmission and any attachments contain
> confidential information belonging to the sender. This information may be
> legally protected. The information is intended only for the use of the
> individual or entity named above. If you are not the intended recipient or
> receive this message in error, you are hereby notified that any disclosure,
> copying, distribution or taking of any action in reliance on or regarding
> the contents of this information is strictly prohibited. Please notify the
> sender immediately if you have received this information in error.
>
> www.acsi2000.com
>
>
> _____________________________________________________________________________
> Scanned by IBM Email Security Management Services powered by MessageLabs.
> For more information please visit
> http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1026954
>
> _____________________________________________________________________________
>
>
> _____________________________________________________________________________
> Scanned by IBM Email Security Management Services powered by MessageLabs.
> For more information please visit
> http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1026954
>
> _____________________________________________________________________________
> ****
>
> ** **
> ------------------------------
>
> Disclaimer: This electronic transmission and any attachments contain
> confidential information belonging to the sender. This information may be
> legally protected. The information is intended only for the use of the
> individual or entity named above. If you are not the intended recipient or
> receive this message in error, you are hereby notified that any disclosure,
> copying, distribution or taking of any action in reliance on or regarding
> the contents of this information is strictly prohibited. Please notify the
> sender immediately if you have received this information in error.
>
> www.acsi2000.com****
>
> ****
>
> ****
>
> ****
>
> Proud partner. Susan G. Komen for the Cure.****
>
> ****
>
> *Please consider our environment before printing this e-mail or
> attachments.* ****
>
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
> information and is for the sole use of the intended recipient(s). If you are
> not the intended recipient, any disclosure, copying, distribution, or use of
> the contents of this information is prohibited and may be unlawful. If you
> have received this electronic transmission in error, please reply
> immediately to the sender that you have received the message in error, and
> delete it. Thank you.
> ----------------------------------****
>
> ****
>
>
>
> _____________________________________________________________________________
> Scanned by IBM Email Security Management Services powered by MessageLabs.
> For more information please visit
> http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1026954
>
> _____________________________________________________________________________
> ****
>
> ------------------------------
> Disclaimer: This electronic transmission and any attachments contain
> confidential information belonging to the sender. This information may be
> legally protected. The information is intended only for the use of the
> individual or entity named above. If you are not the intended recipient or
> receive this message in error, you are hereby notified that any disclosure,
> copying, distribution or taking of any action in reliance on or regarding
> the contents of this information is strictly prohibited. Please notify the
> sender immediately if you have received this information in error.
>
> www.acsi2000.com
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110725/b825a111/attachment-0001.html
More information about the Ale
mailing list