14 RH401-6-en-1-20110713
RHN Satellite Server Concepts
Features of RHN Satellite Server
The original Red Hat Network solution provided users with the ability to get immediate and easy access to the latest updated software, thus solving the critically important problem of errata concurrency. With the success of this product came the problem of data access speeds, particularly in enterprises containing a large number of systems: many systems were synchronizing with the Red Hat Network servers from a single location, often downloading the same data.
The RHN Satellite Server was created to solve this problem. The RHN Satellite Server provides an on-site server that feeds updates within an enterprise with minimal (or potentially no) access to the Red Hat Network servers over the Internet. This permits updates to happen over LAN speeds, instead of WAN speeds. Furthermore, tiered with a number of RHN Proxy or additional Satellite servers, a large enterprise can distribute updates efficiently across a geographically dispersed intranet.
Some high security data centers are disconnected from the Internet and cannot access the services of RHN provided by Red Hat's servers. A Satellite server allows these types of centers to have RHN software deployment features that their disconnected requirements wouldn't allow for otherwise.
Another key feature of RHN Satellite is the ability to create custom software channels. This gives you the ability to add your own software into the RHN Satellite system and the ability to do bare- metal provisioning, installing across a large number of systems with relative ease.
Advantages of RHN Satellite Server
Five major advantages of using RHN Satellite server include: 1.
2.
3.
4.
RHN Satellite Server Components
RHN Satellite Server improves security by ensuring that software updates are rolled out in a timely manner. The disconnection from the Internet assures that all transactions are performed within the intranet. Coupled with RHN Proxy servers or with multiple RHN Satellite servers, highly geographically dispersed environments can get rapid access to updates.
RHN Satellite server allows local administrators (not Red Hat) control over which systems can access the server with what permissions.
The ability to load third-party or custom software packages into the RHN Satellite server and to create custom channels permits a high level of customization.
RHN Satellite Server Components
The RHN Satellite Server is a large and complex subsystem, consisting of: • Red Hat Network Satellite Server: the underlying software.
• An Oracle Database: the RHN Satellite Server requires a database to store information about the systems it manages. This database can be an existing Oracle database or it can be embedded in the Satellite Server software.
• Web Interface: much of the management of the RHN Satellite Server happens through the web interface. This looks very similar to Red Hat's RHN web interface.
• RPM Repository: the part of the system taking the most disk space, this repository holds the software to be distributed by the RHN Satellite Server.
• Management Tools: a number of command line and web based management tools permitting the setup and maintenance of the server. RHN Satellite also has an API for access to Satellite information and functions.
References
Red Hat Network Satellite Installation Guide • Section 1.1: Red Hat Network
Chapter 2. Installing a Red Hat Network Satellite Server
16 RH401-6-en-1-20110713
RHN Satellite Server Installation
Standalone vs. Embedded Database
The RHN Satellite Server requires a database. If you already have an Oracle database with sufficient disk space and power, you can use it to hold the RHN Satellite Server database provided that you have a database administrator who can manage the setup of the service. It is important you do not run the RHN Satellite Server on the same system that runs the Oracle database.
If you do not have an Oracle database, or if it does not have sufficient disk, RAM, or CPU resources, you can install the RHN Satellite Server with an embedded database. This database requires additional disk space. It has the advantage of having a single system acting as both Satellite Server and database server. Further, the database is already fully configured, requiring less effort on the part of the database administrator.
Hardware Requirements
RHN Satellite Servers have relatively high hardware requirements since they can run an instance of the Oracle database (for the embedded version) as well as deliver a large amount of data to remote systems. Because the Oracle database runs multiple processes, multiple processors can significantly improve performance.
The RHN Satellite Server uses a considerable amount of disk space and it is time consuming to repopulate a database should a disk fail. It is strongly recommended to use redundant storage to hold the underlying data.
The hardware specifications outlined in the Red Hat Network Satellite Installation Guide are standard minimal and recommended specifications for Red Hat Network Satellite. The following table shows typical specifications and capacity of RHN Satellite server deployments:
Hardware specifications RHN client system capacity
32-bit x86 with 2GB of RAM ~500 RHN client systems 32-bit x86 with 4GB of RAM ~2,000 RHN client systems 64-bit x86 with 8-16GB of RAM ~15,000 RHN client systems Table 2.1. RHN Satellite Server Capacity
File System Requirements
The embedded database is installed in /rhnsat and RPM channel content is stored in /var/ satellite. Do not skimp on the hard disk requirements! Red Hat Network Satellite Server will not run on systems with insufficient disk space. For example, /var/satellite may need approximately 120 GB of disk capacity to maintain content for Red Hat Enterprise Linux versions 4 through 6 for two architectures.
Furthermore, when populating the database using channel content ISOs you will need
substantially large amounts of temporary disk space. For example the base channel content ISOs for Red Hat Enterprise Linux 5 Client/Server i386 (11 CD ISOs) originally took almost 7 GB of storage. As of April, 2011 they have grown to almost 47 GB of storage (11 DVD ISOs) to include all revisions including RHEL 5.6. To use these ISOs, you will need to mount each one and copy it over to a temporary location which will take an additional 47 GB of disk space. Therefore, for this
Installing Satellite Server: The Base Install
one channel, almost 100 GB of temporary space will be needed to expand the channel content to be synchronized into a RHN Satellite server.
Older versions of RHEL require more space because of their longer history of package updates. Red Hat Enterprise Linux 5 Server (ia64) + EUS + AMC + RHN Tools + Supplementary (Base 2011-04-13) is published, at the time of this writing, on 7 DVD ISOs.
Installing Satellite Server: The Base Install
The base install of the RHN Satellite Server is substantially similar to other Red Hat operating system installations. However, note the following:
SELinux: The RHN Satellite Server installer requires SELinux to be enabled. Enable SELinux in Permissive Mode when installing the base operating system.
Disk space: Refer to the previous information on disk space allocations. Follow or exceed the guidelines, as the RHN Satellite Server will not install properly without a sufficient amount of disk space.
Time: The SSL parts of the server installation require proper synchronization of time with the computers that must communicate with one another. Use UTC for the hardware time and if possible run the Network Time Protocol daemon on all RHN Satellite Servers, RHN Proxy Servers and on their client systems.
Software Packages: Only install the @Base package group to avoid RPM dependency conflicts. The @GNOME package group may also be selected if you want to administer the Satellite Server locally, but it is not required. Provide additional RPMS to satisfy package dependencies: either register the Satellite system with Red Hat Network or point to a yum repository with RHEL RPMs.
Installing the Satellite Software
Installing the RHN Satellite Server software is a time consuming process, made faster by powerful dual processors and a large amount of RAM. To begin the installation, download the latest RHN Satellite software ISO from Red Hat Network. Note that two versions of the software are provided: the standalone version and the embedded version. Only one is needed.
The RHN Satellite Server ISO contains an installation script called install.pl. Execute this script to begin the installation process. install.pl will update some system libraries and install additional packages required by the Satellite Server software. After installing all relevant software RPMs, this application prompts the user for the following information:
Chapter 2. Installing a Red Hat Network Satellite Server
18 RH401-6-en-1-20110713
SSL certificate information: All communication between your Satellite Server and its clients will be done through encrypted tunnels. This requires an SSL certificate. You will have to provide information about your organization, its location, and a certificate password which you should record and put in a safe place.
This is a long process, typically taking near an hour to complete, including the time needed to answer the installer's questions and for the computer to process the data. Installer log messages can be found in a file called /var/log/rhn/rhn-installation.log.
install.pl Options
Options can be passed to install.pl to modify how it behaves when installing the Satellite Server software.
The --disconnected option indicates the Satellite Server will operate disconnected from the Internet. In this case install.pl will not prompt for RHN credentials used to connect to Red Hat's servers.
An answer file can be specified at install time with the --answer-file option. The user provides install.pl with the absolute path name to a text file with answers to the installer's questions which the user created beforehand. This allows the installation process to be
performed in an unattended manner which prevents mistakes from being committed during the installation process. A sample answers.txt file can be found on the Satellite Server install media in the install subdirectory.
Note
The --answer-file option requires an absolute path name. When a relative path name is specified, the RHN Satellite installer will silently ignore this option and start prompting the user with questions.
The --re-register option causes install.pl to re-register the Satellite Server with Red Hat Network, even if it is already registered.
--clear-db tells install.pl to clear any existing database schema before installing on a previously installed server. This is useful when Satellite Server software needs to be reinstalled. A best practice is to install a RHN Satellite Server in disconnected mode and initially populate it from local media. The eliminates any dependence upon Internet connectivity and grants best installation performance. Later the Satellite Server can be registered and reactivated with Red Hat Network, then channel content can be brought up to date against Red Hat's servers.
References
Red Hat Network Satellite Installation Guide • Chapter 2: Requirements
Installing Satellite Server: The Base Install
Practice Performance Checklist
Installing Red Hat Network Satellite Software
Before you begin...
You should have a Red Hat Enterprise Linux 5 Server with a minimal installation on desktopX. Install RHN Satellite software on your provisioning server, desktopX.
Copy the sample RHN Entitlement Certificate, redhat-gls-minimal-5.4.cert, from the instructor's machine to root's home directory (~). This file can be found in the automounted /misc/instructor/rh401-satellite directory.
Copy the satellite-embedded-*.iso image found on the instructor's machine to / tmp then mount it using a loopback device to /mnt. Don't execute /mnt/install.pl. We will use this script shortly. Instead list the contents of /mnt/install and look for a file called answers.txt. This file can be modified and used with install.pl to perform an unattended installation of the RHN Satellite Server software. Copy answers.txt to root's home directory.
Use your favorite text editor to modify root's answers.txt file. Find the following variable definitions and make all necessary adjustments:
# RHN Satellite Server administrator admin-email = [email protected]
# Satellite Server CA certificate info ssl-set-org = Red Hat Inc. ssl-set-org-unit = Training ssl-set-city = your city ssl-set-state = your state
ssl-set-country = your two-letter country code ssl-set-email = [email protected] ssl-password = a password you can remember
# Location of RHN Satellite Entitlement certificate satellite-cert-file = /root/redhat-gls-minimal-5.4.cert
run-updater = yes
ssl-config-sslvhost = yes enable-tftp = yes
Although comments in the file suggest ssl-set-mail defaults to the value of admin- email, that is not the case and the installer will stop and prompt you for the SSL e-
Chapter 2. Installing a Red Hat Network Satellite Server
20 RH401-6-en-1-20110713
Once the SSL certificate has been generated and imported into the Satellite Server, install.pl will restart the Satellite Server then exit. A URI will be displayed which you can use with a browser to complete the installation process.
Launch a web browser and visit the URI displayed by install.pl: https:// desktopX.example.com. Examine the certificate offered to your browser and see if you recognize some of the values about the certificate subject and the issuer. Once you are satisfied with the contents of the certificate, accept it into your browser permanently. Create a RHN user called satadmin with a password of redhat. The e-mail address for this account should be [email protected]. Provide your name for the additional account information. You are now logged in as the Satellite Administrator, satadmin, of a functioning Red Hat Network Satellite Server.
Unmount the ISO image from /mnt since the installation of the RHN Satellite Server software is complete.
Use yum to install updated packages for the Red Hat Network Satellite Server software. The classroom kickstart process configures yum to point to repositories provided by the instructor's server. After the packages have been updated, restart your Satellite Server.
Obtaining Software from Hosted RHN
Obtaining Software from Hosted RHN
Populating the Satellite Server over the Network
Populating the database over the network takes less administrator time but more clock time overall. Use the satellite-sync command to perform a network synchronization, specifying the channel you wish to download:
[root@host ~]# satellite-sync -c rhel-i386-client-vt-5
This single command will perform the task, but it may take several hours for base channels with thousands of packages.
Channel Content ISOs
Channel Content ISOs contain the information, including RPMs and metadata, needed to populate a Satellite Server. They are not a package-for-package match to a channel, instead they are a superset. A particular Channel Content ISO may contain channel data for that base channel, for its child channels, and even for related, but different, base channels. For example, a listing of the channels included on the channel content ISOs distributed for “RHEL 5 Client/ Server (i386) + vt + cluster + supplementary + workstation” might read as follows (from satellite-sync --list-channels):
Retrieving / parsing channel data
p = previously imported/synced channel . = channel not yet imported/synced base-channels: p rhel-i386-client-5 1807 p rhel-i386-server-5 2411 rhel-i386-client-5: . rhn-tools-rhel-i386-client-5 348 . rhel-i386-client-workstation-5 891 . rhel-i386-client-supplementary-5 27 . rhel-i386-client-vt-5 34 rhel-i386-server-5: . rhn-tools-rhel-i386-server-5 348 . rhel-i386-server-hts-5 4 p rhel-i386-server-vt-5 34 . rhel-i386-server-supplementary-5 46 . rhel-i386-server-cluster-5 39 . rhel-i386-server-cluster-storage-5 51
Chapter 2. Installing a Red Hat Network Satellite Server
22 RH401-6-en-1-20110713
Note
Importing channel content into a RHN Satellite server can take a long time to complete. This is especially true when a Satellite server is freshly installed. Installing a small base channel and restarting the Satellite server causes the embedded database to initialize itself so that further channel installs are much quicker. In the lab exercise, a simple base channel called one-rpm-channel will be used for this purpose.
Using Channel ISOs to Populate the Satellite Server
To populate the database using the Channel Content ISOs:
1. Confirm you have sufficient disk space. You will need disk space for the ISOs and the data to be extracted from the ISOs, in addition to the disk space needed to store the data in the database.
2. Download the Channel Content ISOs from Red Hat Network.
• Log onto Red Hat Network and click the Software Downloads icon.
• Expand the base channel called Red Hat Enterprise Linux (v. 5 for 64-bit x86_64), or the version of Red Hat Enterprise Linux you are using, by clicking the plus symbol to the left of the channel name. Then click the link for the latest Red Hat Network Satellite channel. For example, you might select Red Hat Network Satellite (v5.4 for Server v5 AMD64 / Intel64).
• Click View Base Channel Content ISOs for Satellite to list the Channel Content ISOs. Scroll down to find the Channel Content ISOs for the channel you wish to download. For example, scroll down to Red Hat Enterprise Linux 5 Client/Server (i386) + rhn-tools + vt + cluster + supplementary + workstation (Base 2009-09-30) to download the content ISOs for that channel.
3. For each channel, mount each ISO in turn and copy the data to a temporary directory. If you intend to use the expanded channel content on more than one Satellite Server (or back it up), be sure to mount it read only since satellite-sync will attempt to remove the content as it imports the RPMS.
4. List the channels available from the Channel Content ISOs. For example, if you have copied the ISO data into a directory called /rhn-sat-import, then list the available channels by running:
[root@host ~]# satellite-sync -m /rhn-sat-import --list-channels
5. Run the satellite-sync command to upload the information from this directory into the Satellite Server. For example, to load the rhel-i386-server-5 channel into the database that has been copied into /rhn-sat-import, run:
Using Channel ISOs to Populate the Satellite Server
Installing a base channel does not include the child channels or the related channels. They must be installed separately.
References
Red Hat Network Satellite Installation Guide • Chapter 7: Troubleshooting
Chapter 2. Installing a Red Hat Network Satellite Server
24 RH401-6-en-1-20110713
Practice Performance Checklist
Preparing Channel Content for Import
Before you begin...
The RHN Satellite software installation on your desktopX machine should be completed.
Channel content ISOs are available from the instructor's machine, instructor.example.com. Extract their contents into a common directory on your Satellite server, desktopX, so the channel content can be imported in a later lab exercise.
The first step to take is make sure you have enough disk space to extract the content ISOs. They will require over 8 GB of space. Notify your instructor if you don't have enough room on your machine to extract them.
The content ISOs are published to the classroom in the /misc/instructor/rh401- satellite/sat-rhel6-content/ directory. Mount the content ISOs using a loop interface to /mnt and copy the contents of both ISOs to a directory called /root/sat- rhel6-content/.
Importing Initial Software Packages
Importing Initial Software Packages
RHN Software Channels
The Red Hat Network system deploys packages based on the concept of software channels. A