RHN Satellite Server Channel Administrators also have the ability to clone software channels for
easy package association. Cloning offers you a complete replica of another channel, enabling you to
immediately associate appropriate packages and errata with a custom software channel. To access
this functionality, click the Channels tab on the top navigation bar, then the Manage Software
Channels on the left navigation bar. This takes you to the Software Channel Management page. To
begin cloning, click clone channel at the top-right corner.
You are immediately presented with three cloning options: current state of the channel, original state
of the channel, or select errata. These options are described fully on the webpage itself but are
summarized as:
• Current state of the channel — All of the errata and all of the latest packages now in the target
channel.
Thursday 10 March 2011
Upload custom RPMS to an RHN Satellite server
Packages must be uploaded to your private channel as root and must be digitally signed by
the uploader.
run
[root@dhcp ~]# mkdir ~/.gnupg
then
[root@dhcp ~]# gpg --gen-key
Select a type 1 DSA and ElGamal key (the default)
Select does not expire
For Real Name enter Satellite Root
For email root@satellite-fqdn
Comment to leave it blank.Enter a passphrase for your private key
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 56E7F807 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
key ID
pub 1024D/56E7F807 2011-03-14
Fingerprint
Key fingerprint = 3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807
uid Satellite Root <root@satellite-fqdn >
sub 2048g/D214DE21 2011-03-14
Write down your key ID and fingerprint for later use.
Export the GPG public key
[root@dhcp ~]# gpg --export --armor key-ID > /tmp/MY-GPG-KEY
Copy that key to the Satellite Server's Apache DocumentRoot's pub directory
[root@dhcp ~]# cp /tmp/MY-GPG-KEY /var/www/html/pub/MY-GPG-KEY
Log into your satellite server and create a new user named channeladmin. Modify the user account to be a channel administrator. Log out of the web site and log in again as channeladmin. Go to the Channels tab and create new channel. Make your new channel a child channel of the OS version of your client. For your GPG key URL use http://satellite-fqdn/pub/MY-GPG-KEY. Enter the GPG key ID and GPG key Fingerprint
To get fingerprint info
[root@wint-server-73 ~]# gpg --fingerprint
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/56E7F807 2011-03-14
Key fingerprint = 3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807
uid Satellite Root <root@wint-server-73.wcm-london.com>
sub 2048g/D214DE21 2011-03-14
Add the following to ~/.rpmmacros
%_signature gpg
%_gpg_name KEYID
To sign the package
[root@dhcp ~]# rpm --resign package-name-1.0-1.noarch.rpm
To make sure the package is signed, use the following command
[root@dhcp ~]# rpm --checksig -v package-name-1.0-1.noarch.rpm
Upload your RPM
[root@dhcp ~]# rhnpush -c 'Channel Name' --server localhost
Subscribe your client to the private channel:
Using the URL listed by the RHN child channel , download the public key to your client system and then import it
[root@dhcp ~]# rpm --import MY-GPG-KEY
the uploader.
run
[root@dhcp ~]# mkdir ~/.gnupg
then
[root@dhcp ~]# gpg --gen-key
Select a type 1 DSA and ElGamal key (the default)
Select does not expire
For Real Name enter Satellite Root
For email root@satellite-fqdn
Comment to leave it blank.Enter a passphrase for your private key
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 56E7F807 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
key ID
pub 1024D/56E7F807 2011-03-14
Fingerprint
Key fingerprint = 3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807
uid Satellite Root <root@satellite-fqdn >
sub 2048g/D214DE21 2011-03-14
Write down your key ID and fingerprint for later use.
Export the GPG public key
[root@dhcp ~]# gpg --export --armor key-ID > /tmp/MY-GPG-KEY
Copy that key to the Satellite Server's Apache DocumentRoot's pub directory
[root@dhcp ~]# cp /tmp/MY-GPG-KEY /var/www/html/pub/MY-GPG-KEY
Log into your satellite server and create a new user named channeladmin. Modify the user account to be a channel administrator. Log out of the web site and log in again as channeladmin. Go to the Channels tab and create new channel. Make your new channel a child channel of the OS version of your client. For your GPG key URL use http://satellite-fqdn/pub/MY-GPG-KEY. Enter the GPG key ID and GPG key Fingerprint
To get fingerprint info
[root@wint-server-73 ~]# gpg --fingerprint
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/56E7F807 2011-03-14
Key fingerprint = 3C68 34CB FFC5 B1F0 227E B99D 0C7E 0353 56E7 F807
uid Satellite Root <root@wint-server-73.wcm-london.com>
sub 2048g/D214DE21 2011-03-14
Add the following to ~/.rpmmacros
%_signature gpg
%_gpg_name KEYID
To sign the package
[root@dhcp ~]# rpm --resign package-name-1.0-1.noarch.rpm
To make sure the package is signed, use the following command
[root@dhcp ~]# rpm --checksig -v package-name-1.0-1.noarch.rpm
Upload your RPM
[root@dhcp ~]# rhnpush -c 'Channel Name' --server localhost
Subscribe your client to the private channel:
Using the URL listed by the RHN child channel , download the public key to your client system and then import it
[root@dhcp ~]# rpm --import MY-GPG-KEY
Wednesday 9 March 2011
EX333 Requirements
Centralized Authentication Security
- configure an NIS server to provide directory services
- configure Kerberos to provide user authentication
- configure NFSv4 server
- configure a network client to use NIS for directory information
- configure a network client to use Kerberos for authentication
- configure a network client to mount an NFSv4 export
- configure r-clients (rlogin, rcp, etc.) and telnet to use Kerberos
Network Services Security
- Use xinetd and TCP wrappers to restrict access to network services
- Configure Postfix and Sendmail to:
- Configure POP/IMAP to use SSL/TLS for secure communication
- Configure the following aspects of DNS:
- master domain
- slave domain
- views
- forwarders
- blackhole lists (RBL)
- TSIG
- Use GPG tools to:
- configure a certificate authority (CA) and sign certificate requests
- configure httpd to use a SSL certificate signed by a certifying authority
- configure httpd to use passwords and/or network location to restrict access to content
- configure FTP security to
EX423 Requirements
- Install Red Hat Directory Server
- configure the default LDAP suffix
- configure the administrative user
- configure a slave replica
- Configure Red Hat Directory Server for TLS communication
- Configure command-line tools to
- Use TLS
- Use a default LDAP suffix
- Configure Red Hat Directory Server access through user Access Controls
- Authenticate to the Directory Server using kerberos
- Configure write referrals
- Migrate NIS users and groups into LDAP
- Create and modify entries of the inetOrgPerson object class
- Import user information from an LDIF file
- Export specific user information to an LDIF file
- Configure a system to authenticate using LDAP
- Configure a system to authenticate using Active Directory(tm)
EX436 Requirements
- configure a high-availability cluster, using either physical or virtual systems, that
- provides a service fail-over between the nodes
- provides a preferred node for the service
- selectively fails over based on node characteristics
- configure a GFS filesystem to
- meet specified size, layout, and performance objectives
- support filesystem quotas
- configure SNMP to provide cluster monitoring
- configure iSCSI targets and initiators.
- Manage software RAID and LVM to provide
- metadevices of specified RAID type, size, and characteristics
- monitoring and notification of RAID status
- LVM snapshots
Create a custom RPM spec file and build a binary RPM from source code
RPM Documentation
cd /usr/share/doc/rpm-*
Create user for building RPMS
[root@dhcp ~]# useradd makerpm
[root@dhcp ~]# su - makerpm
Create RPMMACRO file
[makerpm@dhcp ~]# vim .rpmmacros
add
%_topdir %(echo $HOME)/rpmbuild
Create directory structure
[makerpm@dhcp ~]# mkdir ~/rpmbuild
[makerpm@dhcp ~]# mkdir ~/rpmbuild{SPECS,BUILD,RPMS,SOURCES,SRPMS}
Example SPEC file
Summary: summary
Version: version
Group: group
License: license
Name: name
Provides: name
Release: release
Packager: packager
URL: url
Source: source
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}
%description
description
%prep
%setup -q
%build
./configure
make
%install
make DESTDIR=$RPM_BUILD_ROOT install
%files
cd /usr/share/doc/rpm-*
Create user for building RPMS
[root@dhcp ~]# useradd makerpm
[root@dhcp ~]# su - makerpm
Create RPMMACRO file
[makerpm@dhcp ~]# vim .rpmmacros
add
%_topdir %(echo $HOME)/rpmbuild
Create directory structure
[makerpm@dhcp ~]# mkdir ~/rpmbuild
[makerpm@dhcp ~]# mkdir ~/rpmbuild{SPECS,BUILD,RPMS,SOURCES,SRPMS}
Example SPEC file
Summary: summary
Version: version
Group: group
License: license
Name: name
Provides: name
Release: release
Packager: packager
URL: url
Source: source
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}
%description
description
%prep
%setup -q
%build
./configure
make
%install
make DESTDIR=$RPM_BUILD_ROOT install
%files
Install an RHN Satellite server
Mount the ISO
[root@dhcp ~]# mount /dev/cdrom /mnt
Run installer
[root@dhcp ~]# /mnt/install.pl
[root@dhcp ~]# mount /dev/cdrom /mnt
Run installer
[root@dhcp ~]# /mnt/install.pl
Tuesday 8 March 2011
Set up an SVN version control repository
Install SVN
[root@dhcp ~]# yum install subversion -y
Create local repo
[root@dhcp ~]# svnadmin create /var/svn/repo
Import files
[root@dhcp ~]# svn import -m "initial import" /etc file:///var/svn/repos/config
[root@dhcp ~]# yum install subversion -y
Create local repo
[root@dhcp ~]# svnadmin create /var/svn/repo
Import files
[root@dhcp ~]# svn import -m "initial import" /etc file:///var/svn/repos/config
Add base channels from ISO images
Mount the ISO
[root@sat01 ~]# mount /dev/cdrom /mnt
Make the import directory
[root@sat01 ~]# mkdir /var/rhn-sat-import/RHEL5.5
Copy the files from the ISO
[root@sat01 ~]# cp -ruv /mnt* /var/rhn-sat-import/RHEL5.5
Unmount the ISO
[root@sat01 ~]# umount /mnt
List the available channels
[root@sat01 ~]# satellite-sync --list-channels --mount-point /var/rhn-sat-import/RHEL5.5
Import a specific channel
[root@sat01 ~]# satellite-sync -c rhel5-i386 --mount-point /var/rhn-sat-import/RHEL5.5
[root@sat01 ~]# mount /dev/cdrom /mnt
Make the import directory
[root@sat01 ~]# mkdir /var/rhn-sat-import/RHEL5.5
Copy the files from the ISO
[root@sat01 ~]# cp -ruv /mnt* /var/rhn-sat-import/RHEL5.5
Unmount the ISO
[root@sat01 ~]# umount /mnt
List the available channels
[root@sat01 ~]# satellite-sync --list-channels --mount-point /var/rhn-sat-import/RHEL5.5
Import a specific channel
[root@sat01 ~]# satellite-sync -c rhel5-i386 --mount-point /var/rhn-sat-import/RHEL5.5
EX401 Requirements
- Install an RHN Satellite server
- Add base channels from ISO images
- Create child channels of a base channel
- Create different types of users
- Create groups and add group admins
- Create configuration channels
- Create a custom RPM spec file and build a binary RPM from source code
- Upload custom RPMS to an RHN Satellite server
- Create Activation keys
- Assign groups, software channels and configuration channels to the Activation key
- Configure errata
- Provisioning clients using kickstart
- Set up and configure DHCP
- Configure PXE-boot
- Set up an SVN version control repository
- Kickstart a machine using Cobbler
- Manage virtual systems using RHN Satellite Server
- Clone channels and use a cloned channel
Subscribe to:
Posts (Atom)