RED HAT CONSULTING

RED HAT NETWORK SATELLITE ACCELERATOR ENGAGEMENT REPORT

PREPARED FOR: <CLIENTCOMPANY>

<CONFIDENTIALITY>

TABLE OF CONTENTS

1 PREFACE
  1.1 Confidentiality, Copyright, and Disclaimer
  1.2 Audience
  1.3 Background
  1.4 Related Documents
  1.5 Terms
2 CLIENT PREPARATION
  2.1 Staffing
  2.2 Client Provided Hardware and Facilities
  2.3 Hardware Server
    2.3.1 External Storage
    2.3.2 Facilities
  2.4 Client Network Configuration
    2.4.1 Static Routing
    2.4.2 DNS
    2.4.3 NTP Specification
    2.4.4 Firewall
3 ENGAGEMENT DETAILS
  3.1 RHN Satellite Server Architecture
  3.2 Server Configuration
    3.2.1 Operating System
    3.2.2 Storage Volumes
    3.2.3 Network Interfaces
    3.2.4 RHN Satellite Server Login Accounts
    3.2.5 Software Packages
    3.2.6 Network Client Services
  3.3 RHN Satellite Configuration
    3.3.1 RHN Satellite User Accounts
    3.3.2 RHN Satellite Registration
    3.3.3 Software Channels
    3.3.4 System Groups
    3.3.5 Configuration Channels
    3.3.6 Activation Keys
    3.3.7 Kickstart
    3.3.8 Sub-Organizations
    3.3.9 Organizational Realms of Trust
    3.3.10 RHN Satellite Server Daemons
    3.3.11 Bootstrap Scripts
  3.4 RHN Satellite Maintenance
    3.4.1 Software Channel Content Synchronization
    3.4.2 Backing up the Embedded Oracle Database
4 ENGAGEMENT CLOSURE
  4.1 Knowledge Sharing
    4.1.1 Topics Covered
    4.1.2 Recipients
  4.2 Testing
5 RECOMMENDATIONS
  5.1 Engagement Observations
    5.1.1 RHN Satellite Database Backup
    5.1.2 RHN Satellite Proxy Servers for Regional Datacenters
  5.2 Additional Engagements
    5.2.1 Platform Standard Operating Environment
    5.2.2 RHEL Core Build
    5.2.3 RHEL Healthcheck
  5.3 Training and Certifications
    5.3.1 Red Hat Certified System Administrator (RHCSA)
    5.3.2 Red Hat Enterprise Deployment and System Management
6 APPENDICES
  6.1 Appendix A: Software Package Listing
  6.2 Appendix B: RHN Satellite Server Kickstart File
  6.3 Appendix C: RHN Satellite Server Certificate
  6.4 Appendix D: Test plan and Test Results

1 PREFACE

1.1 Confidentiality, Copyright, and Disclaimer

This is a confidential document between Red Hat, Inc. and Example.com (“Client”). Copyright 2012 Red Hat, Inc. All Rights Reserved. No part of the work covered by the copyright herein may be reproduced or used in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems without permission in writing from Red Hat. This document is not a quote and does not include any binding commitments by Red Hat.

1.2 Audience

This document is intended for Client technical staff responsible for the following functions:

• Developing and maintaining a Red Hat Enterprise Linux Standard Operating Environment (SOE)
• Provisioning, supporting and maintaining Red Hat Enterprise Linux servers
• Supporting and maintaining the RHN Satellite server

1.3 Background

This document provides the reader with a detailed description of the RHN Satellite server installed by Red Hat Professional Services for Client as part of the Red Hat Network Satellite Accelerator professional services solution offering.

1.4 Related Documents

• Red Hat Network Satellite – Installation Guide 5.4
• Red Hat Network Satellite – Release Notes 5.4
• Red Hat Network Satellite – Reference Guide 5.4
• Red Hat Network Satellite – Client Configuration Guide 5.4
• Red Hat Network Satellite – Channel Management Guide 5.4

1.5 Terms

The table below provides a glossary of the terms and acronyms used within this document.

| Acronym | Description |
|---|---|
| DAS | Direct Attached Storage |
| DNS | Domain Name Service |
| FQDN | Fully Qualified Domain Name |
| iSCSI | Internet Small Computer System Interface |
| NAS | Network Attached Storage |
| RHEL | Red Hat Enterprise Linux |
| RPM | Software Package in RPM format |
| RHN | Red Hat Network |
| SAN | Storage Area Network |
| SELinux | Security Enhanced Linux |
| SOE | Standard Operating Environment |

Table 1-1: Term Definitions

2 CLIENT PREPARATION

This section details pre-requisites and preparation efforts that Client was to complete prior to the engagement. Where applicable, the onsite consultant has validated the provided data and made notes for any discrepancies or additional detail.

2.1 Staffing

The Client will make certain staff members available to the Red Hat Consultant in order to facilitate completion of the task list.
The following persons were identified by the Client to support the engagement:

| Role | Purpose | Client Assignment | Contact Info |
|---|---|---|---|
| Project Manager | Overall facilitation and escalation | Brian Griffin | bgriffin@example.com, (512) 555-5014 |
| Network Admin | Network configuration and specification | Ravi Shiva | rshiva@example.com, (512) 555-1999 |
| System Admin | Support onsite configuration and troubleshooting. Receive Knowledge Sharing from onsite consultant. Witness onsite testing. | Steve Austin | saustin@example.com, (512) 555-6001 |

Table 2-1: Client Contact Information

2.2 Client Provided Hardware and Facilities

2.3 Hardware Server

This section details the client-provided server and storage hardware that will host the RHN Satellite server environment. The table below provides a summary of the RHN Satellite server hardware details.

| Description | Value | Validated / Notes |
|---|---|---|
| Model | ProLiant DL380 G5 | yes |
| Processor | Dual Intel(R) Xeon(R) CPU 2.33GHz | yes |
| Memory | 4 GB | Actual server used has 16GB |
| Network Cards | Intel Corporation 82571EB Gigabit Ethernet Controller | yes |
| Internal disk model, size and RAID configuration | 2x146 GB SCSI Drives in RAID 1 | yes |
| Remote Management Card | Compaq Computer Corporation Integrated Lights Out Controller | yes |
| VGA | ATI Technologies Inc. ES1000 (rev 02) | yes |

Table 2-2: Hardware Server Details

2.3.1 External Storage

The table below provides a summary of the external storage accessed by the RHN Satellite server.

| Description | Value | Validated / Notes |
|---|---|---|
| Storage Model | EMC DMX | yes |
| Multi-Pathing solution | DM MPIO | yes |
| LUNs presented including RAID level | 1x 100 GB LUN | yes |

Table 2-3: External Storage Details

2.3.2 Facilities

Client has provided the following facilities for use in completing the engagement:

| Description | Value | Validated / Notes |
|---|---|---|
| Server Power | Sufficiently stable power (preferably uninterruptible power source) for the specified Client-provided server | yes |
| Server Cooling | Sufficiently stable cooling capacity to maintain the specified Client-provided server within normal operating temperatures | yes |

Table 2-4: Facilities Details

2.4 Client Network Configuration

The following table details Client’s specific network configuration for the target RHN Satellite server environment network prior to the engagement. The satellite server requires a static IP address.

| Description | Value | Validated / Notes |
|---|---|---|
| Assigned static IP address | 10.56.138.12 | yes |
| NETMASK | 255.255.255.0 | yes |
| GATEWAY | 10.56.138.3 | yes |
| RHN Satellite Server Hostname | satellite.example.com | yes |

Table 2-5: Client Network Configuration Details

2.4.1 Static Routing

There are no static routes defined for the RHN Satellite server.

2.4.2 DNS

A fully qualified hostname including both a forward lookup entry (A record) and a reverse lookup entry (PTR record) has been configured in DNS as defined in the following table:

| Description | Value | Validated / Notes |
|---|---|---|
| Search Domain | example.com | yes |
| Name servers | 10.56.98.20, 10.48.2.47 | yes |

Table 2-6: DNS Details

2.4.3 NTP Specification

| Description | Value | Validated / Notes |
|---|---|---|
| NTP Server(s) | ticktock1.example.com, ticktock2.example.com, ticktock3.example.com | yes |

Table 2-7: NTP Details

2.4.4 Firewall

The table below shows the firewall rules required to be in place to allow RHN Satellite to provision and manage hosts in the environment. These firewall rules are implemented by a Cisco firewall.

| Port | Direction | Source | Reason | Validated / Notes |
|---|---|---|---|---|
| 80 | Outbound | 10.56.138.12 (Client assigned IP address for RHN Satellite Server) | Satellite uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com and satellite.rhn.redhat.com (unless running in a disconnected mode for Satellite) | yes |
| 80 | Inbound | All System Admin workstations and RHEL Hosts | WebUI and client requests come in via either http or https | yes |
| 443 | Inbound | All System Admin workstations and RHEL Hosts | WebUI and client requests come in via either http or https | yes |
| 443 | Outbound | 10.56.138.12 (Client assigned IP address for RHN Satellite Server) | To reach rhn.redhat.com, xmlrpc.rhn.redhat.com and satellite.rhn.redhat.com (unless running in a disconnected mode for Satellite) | yes |
| 5222 | Inbound | All RHEL Hosts | push actions to client systems | yes |

Table 2-8: Firewall Details

3 ENGAGEMENT DETAILS

3.1 RHN Satellite Server Architecture

The Red Hat Network (RHN) Satellite server architecture for Example.com Inc. consists of a single instance of RHN Satellite server v5.4, satellite.example.com, located within their Sydney data center DMZ. The RHN Satellite server connects directly to Red Hat's RHN hosted Satellite infrastructure and is configured to use the embedded Oracle 10g database. At the time of writing, Example.com Inc. has on the order of twenty Red Hat Enterprise Linux clients registered with the RHN Satellite server.

3.2 Server Configuration

The client-provided RHN Satellite Server defined in 2.3 Hardware above was configured as follows:

3.2.1 Operating System

The RHN Satellite server was installed using the kickstart file located in 6.2 Appendix B: RHN Satellite Server Kickstart File. The base operating system is Red Hat Enterprise Linux v5 and consists of a small install footprint including the software packages listed below.

3.2.2 Storage Volumes

This section details the storage configuration of the RHN Satellite server including all file systems located on both internal and external storage devices.

3.2.2.1 Storage Device Multipathing

Device Mapper MultiPath IO (DM MPIO) provides multipathing to the SAN attached storage. To simplify LUN storage, device aliases are used to refer to LUNs. The mapping is based on each LUN's UUID.

3.2.2.2 Physical Volumes

| Physical Volume | Size (GB) | Description |
|---|---|---|
| /dev/cciss/c0d0p1 | 0.2 | /boot file system |
| /dev/cciss/c0d0p2 | 136.5 | Base OS file systems |
| /dev/mapper/LUN01 | 100.0 | Satellite file systems |

Table 3-1: Physical Volumes Detail

3.2.2.3 Volume Groups

| Volume Group | Physical Volume(s) | Size (GB) | Software RAID Level |
|---|---|---|---|
| vg00 | /dev/cciss/c0d0p2 | 136.5 | - |
| vg01 | /dev/mapper/LUN01 | 100.0 | - |

Table 3-2: Volume Groups Detail

3.2.2.4 Logical Volumes

| Logical Volume | Mount Point | Volume Group | Size (GB) |
|---|---|---|---|
| /dev/vg00/lv_root | / | vg00 | 8.0 |
| /dev/vg00/lv_var | /var | vg00 | 4.0 |
| /dev/vg00/lv_crash | /var/crash | vg00 | 4.0 |
| /dev/vg00/lv_tmp | /tmp | vg00 | 2.0 |
| /dev/vg01/lv_varsat | /var/satellite | vg01 | 85.0 |
| /dev/vg01/lv_rhnsat | /rhnsat | vg01 | 15.0 |

Table 3-3: Logical Volumes Detail

3.2.3 Network Interfaces

The RHN Satellite server is located in Example.com Inc.'s data center and consists of two network interfaces configured using Ethernet bonding in an active backup configuration.

3.2.3.1 Network Interface eth0

| Description | Value |
|---|---|
| DEVICE | eth0 |
| ONBOOT | yes |
| BOOTPROTO | none |
| USERCTL | no |
| IPV6INIT | No |
| TYPE | Ethernet |
| MASTER | bond0 |
| SLAVE | yes |

Table 3-4: Network Interface Detail - eth0

3.2.3.2 Network Interface eth1

| Description | Value |
|---|---|
| DEVICE | eth1 |
| ONBOOT | yes |
| BOOTPROTO | none |
| USERCTL | no |
| IPV6INIT | no |
| TYPE | Ethernet |
| MASTER | bond0 |
| SLAVE | yes |

Table 3-5: Network Interface Detail - eth1

3.2.3.3 Network Interface bond0

| Description | Value |
|---|---|
| DEVICE | bond0 |
| ONBOOT | yes |
| BOOTPROTO | none |
| USERCTL | no |
| IPV6INIT | no |
| TYPE | Ethernet |
| IPADDR | 10.56.138.12 |
| NETMASK | 255.255.255.0 |
| GATEWAY | 10.56.138.3 |

Table 3-6: Network Interface Detail - bond0

3.2.3.4 Static Routing

There are no static routes defined on the RHN Satellite server.

3.2.4 RHN Satellite Server Login Accounts

The table below shows the login accounts created on the RHN Satellite server and their associated privileges.

| Login Account | Role |
|---|---|
| rpmbuild | Created for the purpose of building third party RPMs |

Table 3-7: Login Account Detail

3.2.5 Software Packages

Refer to 6.1 Appendix A: Software Package Listing for a listing of software packages and package groups installed on the RHN Satellite server host during provisioning in preparation for installation of the RHN Satellite server software.

3.2.6 Network Client Services

This section details all client network services configured on the RHN Satellite server to facilitate correct operation and management.

3.2.6.1 NTP

The RHN Satellite Server was configured with the following settings.

| Parameter | Value |
|---|---|
| Restrict | restrict 127.0.0.1 |
| NTP Servers | ticktock1.example.com, ticktock2.example.com, ticktock3.example.com |

Table 3-8: NTP Detail

3.2.6.2 Syslogd

| Parameter | Value |
|---|---|
| Kern.* | /dev/console |
| *.info;mail.none;authpriv.none;cron.none | /var/log/messages |

Table 3-9: Syslogd Detail

3.2.6.3 DNS

The RHN Satellite server was configured with both a forward lookup entry (A record) and a reverse lookup entry (PTR record) in DNS as defined in 2.4.2 above.

3.2.6.4 Client Network Configuration

| Description | Value | Validated / Notes |
|---|---|---|
| Server Power | Sufficiently stable power (preferably uninterruptible power source) for the specified Client-provided server | yes |
| Server Cooling | Sufficiently stable cooling capacity to maintain the specified Client-provided server within normal operating temperatures | yes |

Table 3-10: Client Network Configuration Detail

Forward and reverse lookups were successfully validated within Example.com’s network.

3.2.6.5 Facilities

Client has provided the following facilities for use in completing the engagement:

| Description | Value | Validated / Notes |
|---|---|---|
| Server Power | Sufficiently stable power (preferably uninterruptible power source) for the specified Client-provided server | yes |
| Server Cooling | Sufficiently stable cooling capacity to maintain the specified Client-provided server within normal operating temperatures | yes |
| LUNs presented including RAID level | 1x 100 GB LUN | yes |

Table 3-11: Client Facilities Detail

3.2.6.6 Mail

The RHN Satellite Server was configured for Sendmail as follows:

| Parameter | Value |
|---|---|
| SMART_HOST | mail.example.com |

Table 3-12: Mail Server Detail

3.2.6.7 Firewall Rules

The firewall rules specified in 2.4.4 Firewall were validated on the RHN Satellite server.

3.3 RHN Satellite Configuration

3.3.1 RHN Satellite User Accounts

The table below shows the user accounts created on the RHN Satellite instance and their associated privileges.

| User | Role |
|---|---|
| sat-admin | Organizational Administrator |
| suborgA-admin | Organizational Administrator for Sub-Organization A. |

Table 3-13: User Accounts Detail

3.3.2 RHN Satellite Registration

The table below summarizes the RHN Satellite server configuration details entered during the installation process as described in section 4.2 RHN Satellite Server Installation Program of Red Hat Network Satellite – Installation Guide 5.4.

| Description | Value |
|---|---|
| Product | Red Hat Network Satellite |
| Version | 5.4 |
| Architecture | Connected |
| Organization | Example.com Inc. |
| Organization Unit | Technical Services |
| Administrator e-mail Address | sysadmin@example.com |
| City | Sydney |
| State | NSW |
| Country | Australia |
| Server cert Expiration (year) | 2036 |
| RHN Parent Server | Satellite.rhn.redhat.com |
| HTTP Proxy Server | - |
| HTTP Proxy Server User name | - |
| Enable SSL | Yes |

Table 3-14: Satellite Registration Detail

3.3.2.1 RHN Satellite Entitlement Certificate

A copy of the activated RHN Satellite certificate sat-example.cert can be found in 6.3 Appendix C: RHN Satellite Server Certificate. Please refer to section 5.2 Uploading the RHN Satellite Certificate of Red Hat Network Satellite – Installation Guide 5.4 for instructions on updating the certificate if issued with a new certificate by Red Hat in the future.

3.3.3 Software Channels

3.3.3.1 Software Base Channels

A software base channel is a logical grouping of Red Hat Enterprise Linux packages; for example, the base channel Red Hat Enterprise Linux (v.5 for 32-bit x86) is, as its name suggests, a container for packages belonging to Red Hat Enterprise Linux v5 for the x86 architecture. The RHN Satellite server has been subscribed to the following base software channels:

• Red Hat Enterprise Linux v5.0 x86
• Red Hat Enterprise Linux v5.0 EM64T

3.3.3.2 Clone Software Channels

The following clone channels have been created from the imported base software channels detailed in 3.3.3.1 Software Base Channels. Clone software channels allow Red Hat Enterprise Linux servers to be managed more easily by giving administrators greater control over which packages and errata are contained in the base channel that a specific host is registered against.

• Example.com Inc - Red Hat Enterprise Linux v5.0 x86 - 20081101

3.3.3.3 Custom Software Channels

A custom software channel is a logical container for third party and in-house developed packages in the RPM format.
Custom software channels allow administrators to deploy RPMs using yum or up2date as they would any Red Hat built package. The following custom software channel has been created:

• Example.com Inc – Third Party Software v5.0 x86 - 20081101

3.3.3.3.1 Site GPG key

The user rpmbuild has been created for the purpose of digitally signing third party RPMs using a GPG key. The details of the GPG key are provided below:

GPG URL: http://satellite.example.com/pub/EXAMPLE-GPG-KEY
GPG Key ID: 1E61EC41
GPG Fingerprint: B334 9169 2EB6 35D3 7166 C8F3 042E F928 1E61 EC41

3.3.3.3.2 Digitally Signing RPMs

The file .rpmmacros has been created in the home directory of the rpmbuild user. This file is referenced by the rpm command when signing packages. The file contains the following content:

    %_signature gpg
    %_gpg_name RPM Build User <rpmbuild@satellite.example.com>

%_signature - specifies the signature type. The rpm command only supports GPG and PGP.
%_gpg_name - specifies the name of the user whose key you wish to use when signing the RPM.

The package myapp-1.0.0.0.noarch.rpm was digitally signed using the following command:

    [rpmbuild@satellite ~]$ rpm --resign myapp-1.0.0.0.noarch.rpm

Once the package was signed, its signature was verified.

    [rpmbuild@satellite ~]$ rpm --checksig -v myapp-1.0.0.0.noarch.rpm

The package was then pushed to the RHN Satellite server.

    [rpmbuild@satellite ~]$ rhnpush -c third-party-rhel5x86-20081101 --server localhost myapp-1.0.0.0.noarch.rpm

3.3.4 System Groups

System groups allow systems to be grouped together into logical sets based on an arbitrary association. Once grouped together, Red Hat Enterprise Linux hosts can be managed as a group, which has obvious efficiencies.

| Group Name | Description |
|---|---|
| Web Servers | This group contains all web servers at Example.com Inc. |

Table 3-15: System Groups Detail

3.3.5 Configuration Channels

Configuration channels are containers for configuration files that are logically related.

| Configuration Channel | Files Contained within Channel |
|---|---|
| rhel5-default | /etc/issue, /etc/ntp.conf, /etc/ntp/step-tickers, /etc/syslog.conf, /etc/mail/sendmail.mc, /etc/mail/sendmail.cf |

Table 3-16: Configuration Channels Detail

3.3.6 Activation Keys

Activation keys provide a convenient way to associate a Red Hat Enterprise Linux server with configuration channels, software channels and system groups.

| Activation Key | Software Channels | Groups | Packages | Configuration Channels |
|---|---|---|---|---|
| rhel5-x86 | Example.com Inc Red Hat Enterprise Linux v5.0 x86 – 20081101 | Web Servers | - | rhel5-default |

Table 3-17: Activation Keys Detail

3.3.7 Kickstart

A vanilla kickstart file named rhel5x86-demo was created as part of the professional services engagement. The purpose of this kickstart file is to demonstrate configuration of the RHN Satellite server and it should not be considered as defining a core build.

FYI: A kickstart file is a plain text file used by the anaconda installer. It can be thought of as a blueprint that completely defines a Red Hat Enterprise Linux host.

3.3.8 Sub-Organizations

A sample sub-organization “SubOrgA” was created for the purpose of demonstrating delegation of entitlement certificates and organizational realms of trust.

FYI: RHN Satellite allows you to create multiple organizations for the division of systems, content and subscriptions across different organizations or specific groups, in addition to the main organization defined within RHN Satellite.

3.3.9 Organizational Realms of Trust

An organizational trust was set up between the default organization and SubOrgA.

FYI: Organizations can share their resources (e.g. systems, custom channels and kickstart files) with each other by establishing an organizational trust in RHN Satellite.
An organizational trust is bi-directional, meaning that once a Satellite administrator establishes a trust between two or more organizations, the organization administrator from each organization is free to share as much or as little of their resources as they choose to.

3.3.10 RHN Satellite Server Daemons

To simplify server management, Red Hat provides a master service, rhn-satellite, which allows administrators to stop, start and obtain the status of all services in the correct order. This service is configured to start automatically at server boot time. The RHN Satellite service is provided by the following individual services:

• jabberd
• rhn-database
• osa-dispatcher
• taskomatic
• tomcat5
• satellite-httpd
• Monitoring (if monitoring is enabled)
• MonitoringScout (if monitoring is enabled)
• rhn-search

3.3.11 Bootstrap Scripts

The bootstrap script rhel5x86.sh is located at http://satellite.example.com/pub/rhel5x86.sh

Instructions on how to use the script can be found in the header section of the script. Details of how to create additional bootstrap scripts can be found in section 4.2 RHN Satellite Server Installation Program of Red Hat Network Satellite – Installation Guide 5.4.

Warning: While hosts provisioned via RHN Satellite server are automatically registered with RHN Satellite, hosts provisioned by other means need to be specifically registered.

FYI: A bootstrap script, in the context of RHN Satellite server, is a shell script used to register a host with RHN Satellite.

3.4 RHN Satellite Maintenance

This section describes the steps necessary to maintain a healthy RHN Satellite server, avoid unnecessary outages of service and retain an up-to-date repository of Red Hat Enterprise Linux software channel content.
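
For the sign, verify and push steps in 3.3.3.3.2 Digitally Signing RPMs, the script below is an added example (not part of the engagement deliverables) of a pre-push gate: `rpm --checksig` also reports success for a package that carries no signature at all, or one signed by any other key in the rpm keyring, so the gate requires a signature from the site key ID given in 3.3.3.3.1. The function names are hypothetical and the sample outputs are constructed, in the layout `rpm --checksig -v` prints on RHEL 5 era rpm.

```sh
#!/bin/sh
# Added example, not part of the engagement report. Function names and the
# SAMPLE_* texts are constructed for illustration.

EXPECTED_KEY_ID="1E61EC41"   # site GPG key ID from section 3.3.3.3.1

# verify_checksig_output KEYID
#   Reads the output of `rpm --checksig -v <pkg>` on stdin.
#   0 = at least one signature by KEYID and every check line reports OK
#   1 = some check line is not OK (BAD, NOKEY, NOTTRUSTED, ...)
#   2 = no signature by KEYID (unsigned package, or signed by another key)
verify_checksig_output() {
    _vco_want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _vco_found=0
    [ -n "$_vco_want" ] || return 2
    while IFS= read -r _vco_line; do
        # Check lines are indented; the first line is only "<file>:".
        case "$_vco_line" in
            ' '*) ;;
            *) continue ;;
        esac
        _vco_lower=$(printf '%s' "$_vco_line" | tr 'A-Z' 'a-z')
        case "$_vco_lower" in
            *signature*|*digest*) ;;
            *) continue ;;
        esac
        # "...: OK, key ID x" (older rpm) and "..., key ID x: OK" (newer rpm)
        # both contain ": ok"; anything else is treated as a failure.
        case "$_vco_lower" in
            *': ok'*) ;;
            *) return 1 ;;
        esac
        case "$_vco_lower" in
            *signature*'key id '*)
                _vco_id=$(printf '%s\n' "$_vco_lower" |
                          sed -n 's/.*key id \([0-9a-f]*\).*/\1/p')
                # Suffix match, so a longer printed key ID is also accepted.
                case "$_vco_id" in
                    *"$_vco_want") _vco_found=1 ;;
                esac
                ;;
        esac
    done
    [ "$_vco_found" -eq 1 ] || return 2
    return 0
}

# checked_push PACKAGE CHANNEL
#   Runs the page's rhnpush command only when the gate passes.
checked_push() {
    rpm --checksig -v "$1" | verify_checksig_output "$EXPECTED_KEY_ID" || {
        echo "refusing to push $1: not verifiably signed by $EXPECTED_KEY_ID" >&2
        return 1
    }
    rhnpush -c "$2" --server localhost "$1"
}

# Constructed sample outputs (digest values are placeholders).
SAMPLE_SIGNED='myapp-1.0.0.0.noarch.rpm:
    Header V3 DSA signature: OK, key ID 1e61ec41
    Header SHA1 digest: OK (0123456789abcdef0123456789abcdef01234567)
    MD5 digest: OK (0123456789abcdef0123456789abcdef)
    V3 DSA signature: OK, key ID 1e61ec41'

SAMPLE_UNSIGNED='myapp-1.0.0.0.noarch.rpm:
    Header SHA1 digest: OK (0123456789abcdef0123456789abcdef01234567)
    MD5 digest: OK (0123456789abcdef0123456789abcdef)'

SAMPLE_NOKEY='myapp-1.0.0.0.noarch.rpm:
    Header V3 DSA signature: NOKEY, key ID 1e61ec41
    Header SHA1 digest: OK (0123456789abcdef0123456789abcdef01234567)
    MD5 digest: OK (0123456789abcdef0123456789abcdef)
    V3 DSA signature: NOKEY, key ID 1e61ec41'

SAMPLE_OTHER_KEY='myapp-1.0.0.0.noarch.rpm:
    Header V3 DSA signature: OK, key ID 0a1b2c3d
    Header SHA1 digest: OK (0123456789abcdef0123456789abcdef01234567)
    MD5 digest: OK (0123456789abcdef0123456789abcdef)
    V3 DSA signature: OK, key ID 0a1b2c3d'

show_result() {
    printf '%s\n' "$2" | verify_checksig_output "$EXPECTED_KEY_ID"
    echo "$1: exit $?"
}

show_result "signed by site key" "$SAMPLE_SIGNED"
show_result "unsigned"           "$SAMPLE_UNSIGNED"
show_result "key not imported"   "$SAMPLE_NOKEY"
show_result "signed, other key"  "$SAMPLE_OTHER_KEY"
```

On the Satellite host the gate would be used as `checked_push myapp-1.0.0.0.noarch.rpm third-party-rhel5x86-20081101`, which reuses the channel label and rhnpush options shown in 3.3.3.3.2.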

3.4.1 Software Channel Content Synchronization

After the initial software base channel synchronization, connected RHN Satellite installations should use a cron job to synchronize channel content on a nightly basis. The crontab entry below can be used to perform this task.

    #
    # Synchronize Channel Content
    #
    # The cron job defined below runs at a random time between
    # 1:00 and 3:30 AM. It synchronizes all imported channels
    # and sends a status message to the administrator account
    #
    0 1 * * * perl -le 'sleep rand 9000' && satellite-sync --email >/dev/null 2>/dev/null

Channel content on disconnected RHN Satellite server installations should be updated as part of a regular maintenance schedule. A suggested schedule is once every three months. Channel content ISOs can be obtained from RHN hosted and used to synchronize the disconnected RHN Satellite server installation as described in section 6.2 Importing with RHN Satellite Synchronization Tool of Red Hat Network Satellite – Installation Guide 5.3.

3.4.2 Backing up the Embedded Oracle Database

The Oracle database used by each RHN Satellite server installation should be backed up in line with the client's backup policy. A comprehensive approach to backup and recovery of the Satellite server is described in sections 8.3 Backing up the Satellite and 8.4 Using RHN DB Control of Red Hat Network Satellite – Installation Guide 5.4.

4 ENGAGEMENT CLOSURE

4.1 Knowledge Sharing

Knowledge sharing was provided during the course of the configuration and testing conducted onsite.

4.1.1 Topics Covered

The following topics were covered as part of the knowledge sharing:

| Topic | Completed |
|---|---|
| Review Red Hat Network Satellite architecture, requirements, features and limitations | Yes |
| Review sync of channels and how to add new channels when needed | Yes |
| Review Red Hat Network Satellite design, configuration and maintenance | Yes |
| Review Red Hat Network Satellite installation layout, log files and basic troubleshooting | Yes |
| Discuss how to communicate effectively with Red Hat Support | Yes |

Table 4-1: Knowledge Sharing Topics Covered

4.1.2 Recipients

Knowledge sharing was specifically provided to the following individual(s):

| Client Staff Member | Notes |
|---|---|
| Steve Austin, Example.com, Inc. | • Steve was unavailable the first day of the engagement and missed the initial configuration of the RHEL Server in preparation for RHN Satellite configuration. • Steve was present for the remaining 3 days of onsite effort. |
| Joe Bagger, AAA Support Services (Client’s contracted IT augmentation staffer) | • Joe sat in for Steve on the first day during the initial configuration of the RHEL Server in preparation for RHN Satellite configuration. • Joe sat in for intermittent periods during the remaining onsite effort as his schedule permitted. • In addition, Joe also witnessed the Test Case execution and received additional knowledge sharing regarding third party RPM configuration during that time. |

Table 4-2: Knowledge Sharing Recipients Detail

4.2 Testing

Testing was conducted onsite in accordance with a pre-defined test plan as documented in 6.4 Appendix D: Test plan and Test Results. Testing was conducted by the consultant onsite and was witnessed by a representative for Example.com, Inc. as follows:

| Description | Value |
|---|---|
| Overall Test Results | Successful with no exceptions |
| Testing Completed on date: | May 17, 2011 |
| Testing Witnessed by: | Steve Austin (Example.com), Joe Bagger (AAA Support Services) |

Table 4-3: Test Results

5 RECOMMENDATIONS

5.1 Engagement Observations

5.1.1 RHN Satellite Database Backup

As part of the engagement, a scheduled task was created (using cron) to back up the RHN Satellite database to a local disk. A more robust solution, given Example.com’s production requirements, would be to leverage Example.com’s existing corporate backup software suite to back up the RHN Satellite database using the corporate solution for Disk to Disk to Tape backup for improved archival and recovery options.

5.1.2 RHN Satellite Proxy Servers for Regional Datacenters

Given Example.com’s distributed IT environment, a single RHN Satellite Server with distant connection to each of the 3 regional datacenters represents a single point of failure. Rather than creating redundant RHN Satellite Servers at each location, Example.com should configure RHN Satellite Proxy Servers at each of the 3 regional datacenters which link back to the RHN Satellite Server at Example.com’s primary datacenter. By doing so, Example.com can administer and manage the RHEL install base from a single location rather than having to repeat every RHN Satellite configuration action at each datacenter. Doing so will also allow Example.com to manage a more complete view (organizations, server groups) of their RHEL install base.

5.2 Additional Engagements

5.2.1 Platform Standard Operating Environment

Given Example.com’s intent to expand their RHEL install base across multiple datacenters, the Platform Standard Operating Environment engagement is recommended to set the proper foundational structure for consistent, reliable, compliant systems provisioning and management.
5.2.2 RHEL Core Build

A RHEL Core Build is recommended for Example.com’s base-level RHEL configuration as well as for functional workload servers that Example.com has currently deployed on RHEL, including Database Servers, Web Servers, Application Servers, and Transaction Processing Servers. By creating Core Builds by functional area which inherit from the base-level RHEL Core Build, Example.com can more effectively provision, tune, and manage RHEL systems for their specific functions.

5.2.3 RHEL Healthcheck

Given Example.com’s ramp-up in deploying managed RHEL systems, a RHEL Healthcheck is recommended at 6 and 12 months out to review Example.com’s evolving RHEL architecture and management processes and to make recommendations on how to more effectively deploy and manage RHEL in Example.com’s growing and evolving IT environment.

5.3 Training and Certifications

Specific course descriptions and availability can be found on Red Hat’s website under Training and Certification. The following courses are recommended:

5.3.1 Red Hat Certified System Administrator (RHCSA)

Example.com should invest in certifying 2 RHCSA resources within their IT support staff to ensure the team can adequately manage and maintain the expanding RHEL base at Example.com. Various courses are available from Red Hat to train RHCSA candidates and prepare them for the certification exam, including ground-up courses and fast tracks for existing Unix and Linux admins. The following course is a likely fit for Example.com’s experienced UNIX admin staff:

RHCSA Rapid Track course with exam (RH200)

“The RHCSA Rapid Track course with exam (RH200) is designed for experienced Linux and Unix system administrators who want to become accredited with the RHCSA certification. Students will learn to manage a Linux server, including installation and configuration of local components and services, as well as connections to existing network services. To successfully navigate this accelerated course, students must already have solid command line skills and know how to access man pages for help.”

5.3.2 Red Hat Enterprise Deployment and System Management

The Red Hat Network Satellite Accelerator engagement is a first step for Example.com in creating a robust, well-managed RHEL install base. As Example.com continues their plans to expand the use of RHEL, they should invest in getting at least two resources trained on more detailed RHN Satellite implementation and RHEL management techniques. The following Red Hat course is recommended:

Red Hat Enterprise Deployment and Systems Management (RH401)

Red Hat Enterprise Deployment and Systems Management (RH401) is a four-day, lab-based course that explores the concepts and methods necessary for efficient deployment and management of Red Hat Enterprise Linux systems. Central to the course is training on the use of the Red Hat Network Satellite Server for deployment and provisioning of Red Hat Enterprise Linux systems. By the end of this course, students will have built and configured their own Red Hat Network Satellite Server for use by a small team of system administrators, created and deployed custom RPM packages, and used Subversion version control to manage changes to scripts.

6 APPENDICES

6.1 Appendix A: Software Package Listing

The packages and package groups listed below are those installed on the RHN Satellite server host during provisioning, in preparation for installation of the RHN Satellite server software.

    @ Base
    ntp
    # The following are also required if the server is offline (disconnected):
    alsa-lib
    ant
    antlr
    apr
    apr-util
    axis
    bcel
    classpathx-jaf
    classpathx-mail
    compat-db
    compat-libstdc++-33
    createrepo
    crypto-utils
    distcache
    eclipse-ecj
    elfutils
    elfutils-libs
    gd
    geronimo-specs
    geronimo-specs-compat
    gjdoc
    httpd
    jakarta-commons-beanutils
    jakarta-commons-codec
    jakarta-commons-collections
    jakarta-commons-daemon
    jakarta-commons-dbcp
    jakarta-commons-digester
    jakarta-commons-discovery
    jakarta-commons-el
    jakarta-commons-fileupload
    jakarta-commons-httpclient
    jakarta-commons-lang
    jakarta-commons-launcher
    jakarta-commons-logging
    jakarta-commons-modeler
    jakarta-commons-pool
    jakarta-commons-validator
    jakarta-oro
    jakarta-taglibs-standard
    java-1.4.2-gcj-compat
    jdom
    jpackage-utils
    libart_lgpl
    libgcj
    libXp
    libXpm
    libXtst
    libxslt
    log4j
    mkisofs
    mod_perl
    mod_python
    mod_ssl
    mx4j
    newt-perl
    perl-Archive-Tar
    perl-BSD-Resource
    perl-Compress-Zlib
    perl-DateManip
    perl-DBI
    perl-Digest-HMAC
    perl-Digest-SHA1
    perl-HTML-Parser
    perl-HTML-Tagset
    perl-IO-Socket-SSL
    perl-IO-Zlib
    perl-libwww-perl
    perl-Net-SSLeay
    perl-TimeDate
    perl-URI
    perl-XML-Dumper
    perl-XML-LibXML
    perl-XML-LibXML-Common
    perl-XML-NamespaceSupport
    perl-XML-Parser
    perl-XML-SAX
    pkgconfig
    postgresql-libs
    python-devel
    PyXML
    regexp
    rpm-build
    struts
    tftp-server
    tomcat5
    tomcat5-common-lib
    tomcat5-jasper
    tomcat5-jsp-2.0-api
    tomcat5-server-lib
    tomcat5-servlet-2.4-api
    wsdl4j
    xalan-j2
    xerces-j2
    xinetd
    xml-commons
    xml-commons-apis
    xml-commons-resolver
    yum-utils

6.2 Appendix B: RHN Satellite Server Kickstart File

    # Kickstart file automatically generated by anaconda.
    install
    url --url http://10.56.226.27/pub/trees/rh5u4/disc1
    lang en_US.UTF-8
    langsupport --default=en_AU.UTF-8 en_AU.UTF-8
    keyboard us
    xconfig --card "ATI Rage XL" --videoram 8128 --hsync 31.5-37.9 --vsync 50.0-61.0 --resolution 800x600 --depth 24
    network --device eth0 --bootproto static --ip 10.56.98.206 --netmask 255.255.255.0 --gateway 10.56.98.3 --nameserver 10.56.98.20 --hostname satellite.example.com
    rootpw --iscrypted $1$71jh$HkSD7cNOFaYYDfimfPP4U1
    firewall --disabled
    # SELinux enabled in enforcing mode (kickstart accepts --enforcing, --permissive or --disabled)
    selinux --enforcing
    authconfig --enableshadow --enablemd5
    timezone Australia/Sydney
    bootloader --location=mbr --append="rhgb quiet"
    # The following is the partition information you requested
    # Note that any partitions you deleted are not expressed
    # here so unless you clear all partitions first, this is
    # not guaranteed to work
    clearpart --all --initlabel
    part /boot --fstype ext3 --size=100 --asprimary
    part pv.100000 --size=100 --grow
    volgroup os --pesize=32768 pv.100000
    logvol / --fstype ext3 --name=root --vgname=os --size=8192
    logvol /tmp --fstype ext3 --name=tmp --vgname=os --size=2048
    logvol /var --fstype ext3 --name=var --vgname=os --size=4096
    logvol /var/crash --fstype ext3 --name=varcrash --vgname=os --size=4096

    %packages
    @base
    ntp
    # additional requirements since satellite-5.4:
    alsa-lib
    ant
    antlr
    apr
    apr-util
    axis
    bcel
    classpathx-jaf
    classpathx-mail
    compat-db
    compat-libstdc++-33
    createrepo
    crypto-utils
    distcache
    eclipse-ecj
    elfutils
    elfutils-libs
    gd
    geronimo-specs
    geronimo-specs-compat
    gjdoc
    httpd
    jakarta-commons-beanutils
    jakarta-commons-codec
    jakarta-commons-collections
    jakarta-commons-daemon
    jakarta-commons-dbcp
    jakarta-commons-digester
    jakarta-commons-discovery
    jakarta-commons-el
    jakarta-commons-fileupload
    jakarta-commons-httpclient
    jakarta-commons-lang
    jakarta-commons-launcher
    jakarta-commons-logging
    jakarta-commons-modeler
    jakarta-commons-pool
    jakarta-commons-validator
    jakarta-oro
    jakarta-taglibs-standard
    java-1.4.2-gcj-compat
    jdom
    jpackage-utils
    libart_lgpl
    libgcj
    libXp
    libXpm
    libXtst
    libxslt
    log4j
    mkisofs
    mod_perl
    mod_python
    mod_ssl
    mx4j
    newt-perl
    perl-Archive-Tar
    perl-BSD-Resource
    perl-Compress-Zlib
    perl-DateManip
    perl-DBI
    perl-Digest-HMAC
    perl-Digest-SHA1
    perl-HTML-Parser
    perl-HTML-Tagset
    perl-IO-Socket-SSL
    perl-IO-Zlib
    perl-libwww-perl
    perl-Net-SSLeay
    perl-TimeDate
    perl-URI
    perl-XML-Dumper
    perl-XML-LibXML
    perl-XML-LibXML-Common
    perl-XML-NamespaceSupport
    perl-XML-Parser
    perl-XML-SAX
    pkgconfig
    postgresql-libs
    python-devel
    PyXML
    regexp
    rpm-build
    struts
    tftp-server
    tomcat5
    tomcat5-common-lib
    tomcat5-jasper
    tomcat5-jsp-2.0-api
    tomcat5-server-lib
    tomcat5-servlet-2.4-api
    wsdl4j
    xalan-j2
    xerces-j2
    xinetd
    xml-commons
    xml-commons-apis
    xml-commons-resolver
    yum-utils

    %post

6.3 Appendix C: RHN Satellite Server Certificate

    <?xml version="1.0" encoding="UTF-8"?>
    <rhn-cert version="0.1">
      <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
      <rhn-cert-field name="owner">Example.com</rhn-cert-field>
      <rhn-cert-field name="issued">2007-11-29 21:27:29</rhn-cert-field>
      <rhn-cert-field name="expires">2011-07-11 00:00:00</rhn-cert-field>
      <rhn-cert-field name="slots">516</rhn-cert-field>
      <rhn-cert-field name="provisioning-slots">510</rhn-cert-field>
      <rhn-cert-field name="virtualization_host">3</rhn-cert-field>
      <rhn-cert-field name="channel-families" quantity="207" family="rhel-devsuite"/>
      <rhn-cert-field name="channel-families" quantity="207" family="rhel-sdk"/>
      <rhn-cert-field name="channel-families" quantity="207" family="rhel-server"/>
      <rhn-cert-field name="channel-families" quantity="207"
          family="rhel-server-fastrack"/>
      <rhn-cert-field name="channel-families" quantity="207" family="rhel-server-hts"/>
      <rhn-cert-field name="channel-families" quantity="207" family="rhel-server-supplementary"/>
      <rhn-cert-field name="channel-families" quantity="3" family="bea-weblogic-jrockit7.0"/>
      <rhn-cert-field name="channel-families" quantity="3" family="rhel-cluster"/>
      <rhn-cert-field name="channel-families" quantity="3" family="rhel-rhaps"/>
      <rhn-cert-field name="channel-families" quantity="3" family="rhel-server-cluster"/>
      <rhn-cert-field name="channel-families" quantity="3" family="rhel-server-vt"/>
      <rhn-cert-field name="channel-families" quantity="717" family="rhn-tools"/>
      <rhn-cert-field name="satellite-version">5.4</rhn-cert-field>
      <rhn-cert-field name="generation">2</rhn-cert-field>
      <rhn-cert-signature>
    -----BEGIN PGP SIGNATURE-----
    Version: Crypt::OpenPGP 1.03

    iQBGBAARAwAGBQJHT3WQAAoJEJ5y83vezkZOoo
    xLQAAJ9KpBoBdV1dd4kA==
    =Zslv
    -----END PGP SIGNATURE-----
      </rhn-cert-signature>
    </rhn-cert>

6.4 Appendix D: Test plan and Test Results

| ID | Test | Method | (Expected) Result | Notes | Pass / Fail |
|---|---|---|---|---|---|
| S1 | RHN Satellite server is registered with RHN hosted | Execute the following command as the root user on the RHN Satellite server: # rhn_check Then log into rhn.redhat.com and view the details of the RHN Satellite server. | rhn.redhat.com shows that the RHN Satellite server: a) is registered; b) is associated with the satellite child channel; c) reflects a check-in time consistent with when the rhn_check command was executed. | | Pass |
| S2 | Confirm satellite certificate is valid and activated | a) Execute the following command as the root user on the RHN Satellite server: # rhn-satellite-activate --sanity-only --rhn-cert=/etc/sysconfig/rhn/rhn-entitlement-cert.xml b) Confirm that satellite is activated by inspecting rhn.redhat.com below system details. | a) The command completes with a return code of 0 (success). b) rhn.redhat.com shows an activated satellite with a valid satellite certificate. | | Pass |
| S3 | Backup and verify the embedded Oracle database | Execute the following commands as the oracle user on the RHN Satellite server: # db-control backup /backup # db-control verify /backup | a) The backup command completes without error. b) The verify command completes without error. | | Pass |
| S4 | Confirm that satellite-sync cron job works accordingly | a) Execute the following command as the root user on the RHN Satellite server: # satellite-sync b) Run the database backup script via cron. | In both cases, satellite-sync updates the local repository with the delta of outstanding RPMs. | | Pass |
| S5 | Provision a host using a kickstart profile | Boot a host using installation media and append the following kernel parameters: ks=<URL of kickstart> | a) The host is provisioned using the kickstart file located on the RHN Satellite server. b) The events page shows no errors. | | Pass |
| S7 | Deploy a signed RPM from a custom software channel | a) Confirm that a host is registered to the child channel containing the custom RPM and that custom GPG has been imported. b) Execute the following command as the root user on the host server: # up2date install myapp | The custom RPM is installed without error. | | Pass |
| S8 | Organization trust | Execute the following command to migrate a server from one organization to another: # migrate-system-profile --satellite Satellite.rhn.redhat.com --systemId=<SYSTEM ID> --to-org-id=2 | Server moved from one organization to another. | | Pass |
| S9 | Register an existing host via a bootstrap script | Execute the following commands as the root user on the host server: # wget http://satellite.example.com/pub/rhel5-x86.sh # . rhel5-x86.sh | The host is registered with RHN Satellite. | | Pass |
| S10 | RHN Satellite server is started on system reboot | Execute the following command as the root user on the RHN Satellite server: # chkconfig --list rhn-satellite | The service rhn-satellite is configured to start at runlevel 3, 4 and 5. | | Pass |

Table 6-1: Test Matrix
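Test S2 confirms the certificate with rhn-satellite-activate; as a complement, the added example below (not part of the original report and not Red Hat tooling) reads the Appendix C certificate format and reports how close the certificate is to its expires date. The sample is constructed from a subset of the Appendix C fields; the function names and the 60-day warning window are assumptions, and the PGP signature is not verified here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample: a subset of the Appendix C fields, signature block omitted.
SAMPLE_CERT = """<?xml version="1.0" encoding="UTF-8"?>
<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Example.com</rhn-cert-field>
  <rhn-cert-field name="issued">2007-11-29 21:27:29</rhn-cert-field>
  <rhn-cert-field name="expires">2011-07-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="slots">516</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="207" family="rhel-server"/>
  <rhn-cert-field name="channel-families" quantity="717" family="rhn-tools"/>
  <rhn-cert-field name="satellite-version">5.4</rhn-cert-field>
</rhn-cert>
"""
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_rhn_cert(xml_text):
    """Return (scalar fields, {channel family: quantity}) from rhn-cert XML."""
    if "<!DOCTYPE" in xml_text:  # the format needs no DTD; refuse entity tricks
        raise ValueError("unexpected DOCTYPE in certificate")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "rhn-cert":
        raise ValueError("root element is not rhn-cert")
    fields, families = {}, {}
    for node in root.findall("rhn-cert-field"):
        name = node.get("name")
        if name == "channel-families":
            families[node.get("family")] = int(node.get("quantity"))
        else:
            fields[name] = (node.text or "").strip()
    return fields, families


def check_cert(xml_text, now, warn_days=60):
    """Classify the certificate at time `now` as 'ok', 'expiring' or 'expired'.

    Timestamps are compared as naive datetimes (assumption: same time zone).
    """
    fields, families = parse_rhn_cert(xml_text)
    missing = [k for k in ("owner", "issued", "expires") if k not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    expires = datetime.strptime(fields["expires"], TIME_FORMAT)
    days_left = (expires - now).days
    if expires <= now:
        status = "expired"
    elif days_left <= warn_days:
        status = "expiring"
    else:
        status = "ok"
    return {"status": status, "days_left": days_left,
            "owner": fields["owner"], "families": families}


if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, datetime.now()))
```

Evaluated at the May 17, 2011 test date from Table 4-3, the sample certificate falls inside the warning window, which is the kind of condition a scheduled run of this check is meant to surface before channel synchronization stops working.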