Implementing a fully functional RHN Satellite requires more than installing software and a database. Client systems must be configured to use the Satellite. Custom packages and channels should be created for optimal use. Since these tasks extend beyond the basic installation, they are covered in detail in other guides, as well as this RHN Satellite Installation Guide. For a full list of the necessary technical documents, refer to Chapter 2, Requirements.
For this reason, this section seeks to provide a definitive list of all required and recommended steps, from evaluation through custom package deployment. They should take place in roughly this order:
- After an evaluation, you contact your Red Hat sales representative to purchase RHN Satellite.
- Your Red Hat contact sends you an RHN Entitlement Certificate via email.
- Your Red Hat contact creates a Satellite-entitled account on the RHN website and sends you the login information.
- Log into the RHN website (rhn.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux AS 4 or Red Hat Enterprise Linux 5 and RHN Satellite. These can be found within the Downloads tab of the respective Channel Details pages. Refer to the RHN Reference Guide for instructions.
- While still logged into the RHN website, download the Channel Content ISOs to be served by your Satellite, also available through the Downloads tab of your Satellite's Channel Details page. These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Satellite.
- If installing a Stand-Alone Database, prepare your database instance using the formula provided in Chapter 2, Requirements.
- Install Red Hat Enterprise Linux and then RHN Satellite on the Satellite machine.
- Create the first user account on the Satellite by opening the Satellite's hostname in a Web browser and clicking . This will be the Satellite Administrator's (also referred to as the Organization Administrator) account.
- Use the RHN Satellite Synchronization Tool to import the channels and associated packages into the Satellite.
- Register a representative machine for each distribution type, or channel (such as Red Hat Enterprise Linux 4 or 5), to the Satellite.
- Copy (using SCP) the
rhn_registerandup2dateconfiguration files from the/etc/sysconfig/rhn/directory of each machine individually to the/pub/directory on the Satellite. Therhn-org-trusted-ssl-cert-*.noarch.rpmwill already be there. - Download and install from the Satellite the configuration files and
rhn-org-trusted-ssl-cert-*.noarch.rpmon the remaining client systems of the same distribution type. Repeat this and the previous step until all distribution types are complete. - Through the Satellite's website, create an Activation Key for each distribution aligned to the appropriate base channel. At this point, system groups and child channels may also be predefined.
- Run the Activation Key from the command line (
rhnreg_ks) of each client system. Note that this step can be scripted to batch register and reconfigure all remaining client systems in a distribution. - Record all relevant usernames, passwords and other login information and store in multiple secure places.
- Now that the Satellite is populated with standard Red Hat channels and packages and all clients are connected to it, you may begin creating and serving custom channels and packages. Once the custom RPMs are developed, you can import them into the Satellite using RHN Push and add custom channels in which to store them through the Satellite's website. Refer to the RHN Channel Management Guide for details.
http://www.outsidaz.org/blog/2010/07/30/migrating-rhn-satellite-to-new-hardware/
Recently, I had a requirement to migrate a system running RHN
Satellite 5.3 with the embedded database from a host running RHEL4 i386 to
another host running RHEL5 x86_64. Looking through the various documents
included in the rhn-upgrade package on RHN, I noticed that
there wasn’t a procedure available for the upgrade we were planning. There was a
procedure for migrating from RHEL4 -> RHEL5 while also upgrading the version
of the RHN Satellite software. I really only needed the first part, as our RHN
Satellite software was already the latest (and greatest :). This document is based on/etc/sysconfig/rhn/satellite-upgrade/rhn-satellite-5-upgrade-scenario-1a.txt included
with the rhn-upgrade package. I have removed the steps that
require database upgrades as the version of RHN Satellite is not changing.
Additionally, this document is written to enable building the replacement
Satellite Server in parallel to the new system. That way, if the upgrade goes
horridly wrong, reverting back to your working Satellite is very easy. During
this document, I will use $ORIGINAL and $NEW to refer to the old and new
Satellite servers.
Prerequisites
[*] Both systems ($ORIGINAL & $NEW) registered on the RHN hosted site.
[*] RHN Satellite Certificate downloaded on $NEW.
[*] RHN Satellite Installation ISO downloaded on $NEW
Procedure
[*] Build $NEW with Red Hat Enterprise Linux 5 x86_64 according to the specifications of the Red Hat Network Satellite Guide. This means turning on SELinux to Permissive or Enforcing mode if it is set to Disabled. Reboot if necessary to enable the system to do its filesystem relabel.
[*] Ensure the hostname of the $NEW server is EXACTLY the same as the $ORIGINAL server
[*] Mount the new RHN Satellite ISO (without running the installation program). Ensure the ISO matches the operating system of the server you are installing it on. In my case it wasredhat-rhn-satellite-5.3-server-x86_64-5-embedded-oracle.iso
[*] Perform the command-line portion of the RHN Satellite Server v5.3 installation. Doing the installation in disconnected mode means that Satellite won’t attempt to contact RHN via the install
[*] Build $NEW with Red Hat Enterprise Linux 5 x86_64 according to the specifications of the Red Hat Network Satellite Guide. This means turning on SELinux to Permissive or Enforcing mode if it is set to Disabled. Reboot if necessary to enable the system to do its filesystem relabel.
[*] Ensure the hostname of the $NEW server is EXACTLY the same as the $ORIGINAL server
[*] Mount the new RHN Satellite ISO (without running the installation program). Ensure the ISO matches the operating system of the server you are installing it on. In my case it wasredhat-rhn-satellite-5.3-server-x86_64-5-embedded-oracle.iso
[*] Perform the command-line portion of the RHN Satellite Server v5.3 installation. Doing the installation in disconnected mode means that Satellite won’t attempt to contact RHN via the install
./install.pl --disconnected --enable-tftp
[*] Shut down RHN Satellite services on $NEW
/usr/sbin/rhn-satellite
stop
[*] Restore the following files/directories (and all
subdirectories) from $ORIGINAL to $NEW:/var/satellite, /var/www/html/pub,
/root/ssl-build, and /etc/tnsnames.ora. I used rsync to mirror these
from $ORIGINAL to $NEW
[*] Install the rhn-httpd-ssl-key-pair-*-noarch.rpm file. For this, I needed to use the (–force) switch as the version of the rhn-httpd-ssl-key-pair*-noarch.rpm was the same (version 1.0-1 in my case)
[*] Install the rhn-httpd-ssl-key-pair-*-noarch.rpm file. For this, I needed to use the (–force) switch as the version of the rhn-httpd-ssl-key-pair*-noarch.rpm was the same (version 1.0-1 in my case)
rpm -Uvh /root/ssl-build/<MACHINE_NAME>/rhn-httpd-ssl-key-pair-<VERSION>.noarch.rpm --force
or
rpm -Uvh /root/ssl-build/<MACHINE_NAME>/rhn-org-httpd-ssl-key-pair-<VERSION>.noarch.rpm --force
[*] Use scp to copy the database backup from the $ORIGINAL to
$NEW, ensuring you also locate and copy the backup-log.dat file. These files
should all be copied to a single directory, preferably under /tmp.
[*] Restore the database using the db-control command. This is documented in more detail in the RHN Satellite Installation Guide
[*] Start the embedded database if it isn’t already.
[*] Restore the database using the db-control command. This is documented in more detail in the RHN Satellite Installation Guide
[*] Start the embedded database if it isn’t already.
/sbin/service
oracle start
[*] Fix up the database. Since we are migrating RHN Satellite
from a 32-bit system to a 64-bit system, we need to recompile the (now) invalid
schema objects in the database. Red Hat provides a script for this in the rhn-upgrade package,
which isn’t installed on $NEW. We’ll need to install it, and then run it as the
oracle user.
yum
install rhn-upgrade
su - oracle
cd /etc/sysconfig/rhn/satellite-upgrade/
export ORACLE_SID=rhnsat
sqlplus '/ as sysdba' @satellite-oracle-64-bit-fix.sql
exit
su - oracle
cd /etc/sysconfig/rhn/satellite-upgrade/
export ORACLE_SID=rhnsat
sqlplus '/ as sysdba' @satellite-oracle-64-bit-fix.sql
exit
[*] Activate the RHN Satellite (again, in disconnected mode)
rhn-satellite-activate --rhn-cert <ABSOLUTE
PATH TO RHN CERT> \
--ignore-version-mismatch --disconnected
--ignore-version-mismatch --disconnected
[*] Rebuild Search Indexes
/sbin/service
rhn-search cleanindex
[*] Redeploy configuration settings
/usr/share/spacewalk/setup/upgrade/rhn-load-config.pl
[*] Restart services
/usr/sbin/rhn-satellite
restart
[*] Insert the SSL CA public certificate into the database. It
should already be there, since you restored the database from backup. The rhn-ssl-dbstore command
will tell you if that is the case.
rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT
[*] Update Satellite monitoring scout setup
/usr/share/spacewalk/setup/upgrade/rhn-update-monitoring.pl
[*] Enable RHN push functionality. This assumes the following
# *must* have your SSL build directory in /root as /root/ssl-build
# *must* have your CA SSL public certificate located in your pub/
# directory and named as such:
# /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
# *must* have your SSL build directory in /root as /root/ssl-build
# *must* have your CA SSL public certificate located in your pub/
# directory and named as such:
# /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
/sbin/service
jabberd stop
/sbin/service osa-dispatcher stop
/usr/share/spacewalk/setup/upgrade/rhn-enable-push.pl
/sbin/service osa-dispatcher stop
/usr/share/spacewalk/setup/upgrade/rhn-enable-push.pl
[*] Port over any custom changes in /etc/rhn/rhn.conf.
I didn’t have any, but if you do, import them, and then restart Satellite
services
/usr/sbin/rhn-satellite
restart
[*] Test / verify $NEW. In my case, $NEW was using DHCP, so I
added a /etc/hosts entry on a couple of hosts to point to the hostname of
$ORIGINAL, using the IP of $NEW. Then performed the following validation
- Download RPMs from Red Hat provided & custom channels. This process was a little slow as Satellite was rebuilding repodata during this process.
- Ensure I could do configuration file tasks (rhncfg-client list)
[*] Change $ORIGINAL to use a different IP address, either static or DHCP. Shutdown Satellite services on $ORIGINAL
[*] Change $NEW’s IP address to the one that $ORIGINAL used to possess.
[*] On the hosted site, remove the Satellite entitlement from $ORIGINAL.
[*] Convert Satellite from disconnected mode. Modify the server.satellite.rhn_parent variable in /etc/rhn/rhn.conf to read
- Download RPMs from Red Hat provided & custom channels. This process was a little slow as Satellite was rebuilding repodata during this process.
- Ensure I could do configuration file tasks (rhncfg-client list)
[*] Change $ORIGINAL to use a different IP address, either static or DHCP. Shutdown Satellite services on $ORIGINAL
[*] Change $NEW’s IP address to the one that $ORIGINAL used to possess.
[*] On the hosted site, remove the Satellite entitlement from $ORIGINAL.
[*] Convert Satellite from disconnected mode. Modify the server.satellite.rhn_parent variable in /etc/rhn/rhn.conf to read
server.satellite.rhn_parent
= satellite.rhn.redhat.com
[*] Restart Satellite services to commit the above changes
/usr/sbin/rhn-satellite
restart
[*] Activate the RHN Satellite. This time, not in disconnected
mode. This will take care of getting $NEW the Satellite entitlement that was
formerly assigned to $ORIGINAL.
rhn-satellite-activate --rhn-cert <ABSOLUTE
PATH TO RHN CERT> \
--ignore-version-mismatch
--ignore-version-mismatch
[*] On $NEW, update the RHN profile, install any errata
(mainly updated Satellite packages)
rhn-profile-sync
yum update
yum update
[*] Restart Satellite services
/usr/sbin/rhn-satellite
restart
[*] More testing
- Synchronize satellite with RHN (satellite-sync)
- Ensure $NEW is listed as a Satellite on the hosted site
- Ensure clients can run updates.
[*] Final Steps
- Retire $ORIGINAL.
- Remove $ORIGINAL’s system entitlement from RHN
- Ensure backups are working on $NEW.
- Synchronize satellite with RHN (satellite-sync)
- Ensure $NEW is listed as a Satellite on the hosted site
- Ensure clients can run updates.
[*] Final Steps
- Retire $ORIGINAL.
- Remove $ORIGINAL’s system entitlement from RHN
- Ensure backups are working on $NEW.
Build a new satellite server
- build a new rhel with base only packages
- login rhn and remove the old system entry if needed.
register to rhn by "rhn_register" - edit /etc/sysconfig/rhn/up2date for for http only if needed:
useNoSSLForPackages=1
noSSLServerURL=http://xmlrpc.rhn.redhat.com/XMLRPC - if because of firewall restriction, do not want update from RH's akami servers, on rhn.redhat.com, edit the system properties, uncheck "Support Location-Aware update access".
- on rhn, add "Red Hat Network Tools for RHEL Server" from "Software"->"Software Channels".
- mount the "satellite-embedded-oracle" iso and run "install.pl" from it.
When run into "Public key for ...<package> is not installed", edit /etc/yum.conf, set "pgpcheck=0"
1. Complete a minimal installation of RHEL 4 or 5 (depending on the version of RHN Satellite that you will install).
2. Configure the system so that it can connect to RHN behind the HTTP proxy. Edit the file /etc/sysconfig/rhn/up2date.conf
enableProxy=1
enableProxyAuth=1
httpProxy=<http-proxy-fqdn>
proxyUser=<proxy-username>
proxyPassword=<proxy-password>
3. Register the system to RHN.
4. Begin the installation of RHN Satellite with the disconnected option.
# ./install.pl --disconnected
5. Once the installation is completed, you will need to add/modify your settings to the /etc/rhn/rhn.conf file:
server.satellite.http_proxy = <http-proxy-fqdn>
server.satellite.http_proxy_username = <proxy-username>
server.satellite.http_proxy_password = <proxy-password>
disconnected=0
6. Restart the Satellite service:
# service rhn-satellite restart
7. Reactivate the Satellite as a connected Satellite:
# rhn-satellite-activate --rhn-cert=<path-to-cert>Regist to Redhat Satellite
rpm -Uvh http://your-satellite.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
rhnreg_ks --activationkey mykey --serverUrl https://your-satellite.com/XMLRPC
/etc/sysconfig/rhn/sources specifies where up2date will search for packages.
/etc/sysconfig/rhn/up2date "serverURL=https://satellite-server/XMLRPC " specifies the satellite server
To update from the redhat server, use xmlrpc.rhn.redhat.com
satwho # list satellite user
satpasswd <user> # change satellite user password
satellite-sync -l # list satellite channels
satellite-sync -c channel # subscribe to channel
satellite-sync
rhn-satellite-activate
rhn-satellite restart
rhnpush : put package in customized channel
Redhat Satellite
config: /etc/sysconfig/rhn/systemid
packages: /var/satellite/redhat/
extend the size of a tablespace in my Red Hat Satellite database
https://access.redhat.com/kb/docs/DOC-11037
# service rhn-satellite stop (or rhn-satellite stop if using RHN Satellite 5.3.0)
# service rhn-database start (or /etc/init.d/oracle start if using RHN Satellite 5.3.0)
su - oracle -c "db-control report"
su - oracle -c "db-control extend <tablespace name>"
# service rhn-database stop (or /etc/init.d/oracle stop if using RHN Satellite 5.3.0)
# service rhn-satellite start (or rhn-satellite start if using RHN Satellite 5.3.0)
On Satellite 5.4.1:
# service rhn-satellite stop
Warning: /etc/init.d/rhn-satellite is obsolete.
Each service has its own init script now.
The whole suite can be manipulated using command /usr/sbin/rhn-satellite instead.
Correct procedure would be:
# rhn-satellite stop
# service oracle start
# su - oracle
-bash-3.2$ db-control extend DATA_TBS # repeat to increase further
-bash-3.2$ db-control report
-bash-3.2$ exit
# service oracle stop
# rhn-satellite start
rhn5 update:
# yum update
upgrade from DVD
https://access.redhat.com/knowledge/solutions/9743
http://www.howtoforge.com/creating_a_local_yum_repository_centos
Creation of yum repositories is handled by a separate tool called createrepo, which generates the necessary XML metadata.
# yum install createrepo
- Mount ISO
# mkdir -p /mnt/iso/{1,2,3}
# mount -o loop /path/to/centos1.iso /mnt/iso/1 - Create a repository
# cd /mnt/iso
# createrepo .
# yum clean all # clean repo - Create config file
# vi /etc/yum.repos.d/iso.repo
Append following text:
[My ISO Repository]
baseurl=file:///mnt/iso
enabled=1
If problem occur, run "yum clean all" first
(# yum clean all && yum clean metadata && yum clean dbcache && yum makecache && yum update -y)
For RHEL 4 (up2date)
In /etc/sysconfig/rhn/sources, comment out the following line:
#up2date default
Next, in the same file, create a line like the following:
dir mydvdrepo /media/cdrom/RedHat/RPMS
# up2date --nosig install gcc
Copy/Extract from satellite
We provide a utility called "reposync" which can be used to pull down /download the packages from RHN. You can use this command as given below:
# reposync --gpgcheck -l --repoid=channel-id --download_path=/downloadpath
Eg : # reposync --gpgcheck -l --repoid=rhel-x86_64-server-5 --download_path=/downloadpath
The above command will download the all the 64 bit packages for RHEL 5 in the mentioned download path. Then you need to run the following command to create the repository.
# cd /downloadpath
# createrepo .
'reposync' utility is provided by yum-utils package and 'createrepo' utility is provided by the package createrepo. You can install it on your system using yum.
No comments:
Post a Comment