Chapter 2. Red Hat Linux Client Applications

Contents

2.1. Deploying the Latest Client RPMs
2.2. Configuring the Client Applicationsrfc
2.3. The Package Updater Applet
2.4. Configuring the Network Alert Notification Tool with SUSE Managerrfc

In order to utilize most enterprise-class features of SUSE Manager, configuration of the latest client applications is required. Obtaining these applications before the client has registered with SUSE Manager can be difficult. This paradox is especially problematic for customers migrating large numbers of older systems to SUSE Manager. This chapter identifies techniques to resolve this dilemma.

[Important]

We strongly recommend that clients connected to a SUSE Manager Proxy Server or SUSE Manager Server be running the latest update to ensure proper connectivity.

Additionally, if client firewalls are configured, ports 80 and 443 should be open for proper functionality with SUSE Manager.

2.1. Deploying the Latest Client RPMs

The Package Updater, yum and optionally Network Registration Client (rhn_register) on Red Hat Enterprise Linux (up2date on earlier RHEL versions) are prerequisites for using much of SUSE Manager enterprise functionality. It is crucial to install it on client systems before attempting to use SUSE Manager Proxy Server or SUSE Manager Server in your environment.

There are several sensible approaches to accomplish this update of the SUSE Manager client software. One of which involves storing the RPMs in a location that is accessible by all client systems and deploying the packages with the simplest command possible. In nearly all cases, a manual deployment of yum, pup , and rhn_register (up2date for earlier version of Red Hat Enterprise Linux) do not need to be performed. Those client tools should have no issues connecting to your SUSE Manager or Proxy environment. These discussion below assumes that the "out of box" yum, pup , and rhn_register (or up2date ) are not the latest and do not work for your environment.

Remember, only systems running Red Hat Enterprise Linux 5 systems must have registered with SUSE Manager in firstboot after installation or use the rhn_register . Systems running Red Hat Enterprise Linux 4 can use the registration functionality built into the Red Hat Update Agent.

This document presumes that the customer has installed at least one SUSE Manager Server and/or SUSE Manager Proxy Server on their network. The example below demonstrates a simple approach of deploying yum, pup , and rhn_register (or up2date ) for the first time by an administrator assuming the machines do not already have a working Novell Customer Center setup. The administrator has populated the /srv/www/htdocs/pub/ directory with a copy of the yum, pup , and rhn_register (or up2date ) RPMs that the client systems need, and then has simply deployed those RPMs onto the client systems with a simple rpm -Uvh command. Run from a client, this command installs the RPMs to that client, assuming the domain name, paths, and RPM versions are correct (note that this command has been split into multiple lines for print and PDF purposes but should be typed as one line at a shell prompt):

rpm -Uvh
http://your_proxy_or_sat.your_domain.com/pub/rhn-setup-0.4.17-8.el5.i386.rpm
http://your_proxy_or_sat.your_domain.com/pub/yum-3.2.8-9.el5.i386.rpm
http://your_proxy_or_sat.your_domain.com/pub/pirut-1.3.28-13.3l5.noarch.rpm

Keep in mind that the architecture (in this case, i386) may need to be altered depending on the systems to be served.

2.2. Configuring the Client Applications

Not every customer must connect securely to a SUSE Manager Server or SUSE Manager Proxy Server within their organization. Not every customer needs to build and deploy a GPG key for custom packages. (Both of these topics are explained in detail later.) Every customer who uses SUSE Manager Server or SUSE Manager Proxy Server must reconfigure the Red Hat Update Agent (up2date ) and possibly the Red Hat Network Registration Client (rhn_register ) to redirect it from Novell Customer Center to their SUSE Manager Server or SUSE Manager Proxy Server.

[Important]

Although this is not configurable, note that the port used by the up2date is 80 for HTTP and 443 for secure HTTP (HTTPS). By default, yum on Red Hat Enterprise Linux 5 uses SSL only. For this reason, users should ensure that their firewalls allow connections over port 443. To bypass SSL, change the protocol for serverURL from https to http in /etc/sysconfig/rhn/up2date. Similarly, to use SUSE Manager's Monitoring feature and probes requiring the Red Hat Network Monitoring rhnmd Daemon, note that client systems must allow connections on port 4545 (or port 22, if using sshd instead).

By default, the rhn_register and up2date refer to the main SUSE Manager Servers. Users must reconfigure client systems to refer to their SUSE Manager Server or SUSE Manager Proxy Server.

Note that the latest versions of the Red Hat Update Agent can be configured to accommodate several SUSE Manager Servers, thereby providing failover protection in case the primary server is inaccessible. Refer to Section 2.2.4, “Implementing Server Failover” for instructions on enabling this feature.

The next sections describe three methods of configuring the client systems to access your SUSE Manager Server or SUSE Manager Proxy Server: using an Activation Key, up2date --configure, and manually updating the configuration files.( To see how virtually all reconfiguration can be scripted, see Chapter 6, Manually Scripting the Configuration.)

2.2.1. Registering with Activation Keys

Novell recommends using activation keys for registering and configuring client systems that access SUSE Manager Proxy Server or SUSE Manager Server. Activation keys can be used to register, entitle, and subscribe systems in a batch. Refer to the section "Activation Keys" in the SUSE Manager Server Reference Guide for more information on activation keys.

Registering with an activation key has four basic steps:

  1. Generate an Activation Key.

  2. Import custom GPG keys.

  3. Download and install the SSL Certificate RPM from the /pub/ directory of the SUSE Manager Proxy Server or SUSE Manager Server. The command for this step could look something like this:

    rpm -Uvh http://your-suse_manager-FQDN/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
  4. Register the system with your SUSE Manager Proxy Server or SUSE Manager Server. The command for this step could look something like:

    rhnreg_ks --activationkey mykey --serverUrl https://your-suse_manager-FQDN/XMLRPC 
    

Alternatively, most of the above steps can be combined in a shell script that includes the following lines (note that this command has been split into multiple lines for print and PDF purposes but should be typed as one line at a shell prompt).

wget -0 - http://your-suse_manager-FQDN/pub/bootstrap.sh | bash
&& rhnreg_ks --activation-key my_key --serverUrl
https://your-suse_manager-FQDN/XMLRPC

The bootstrap script, generated at installation and available for both SUSE Manager Server and SUSE Manager Proxy Server, is such a script. The script and the mgr_bootstrap that generates it are discussed in detail in Chapter 5, Using Bootstrap.

[Warning]

Systems running Red Hat Enterprise Linux 2.1 and versions of Red Hat Linux prior to 8.0 may experience problems using Activation Keys to migrate SSL certificate settings from rhn_register to up2date . Therefore, the SSL certificate information on those systems must be set manually. All other settings, such as the server URL, transfer properly.

2.2.2. The up2date --configure Option

The Red Hat Update Agent in Red Hat Enterprise Linux 3 and 4 provides an interface for configuring various settings. For full listings of these settings, refer to the up2date manual page (man up2date at a command line).

To reconfigure the Red Hat Update Agent, issue the following command as root:

 up2date --configure 

You are presented with a dialog box offering various settings that may be reconfigured. In the General tab, under Select a SUSE Manager Server to use replace the default value with the fully qualified domain name (FQDN) of the SUSE Manager Server or SUSE Manager Proxy Server, such as https://your_proxy_or_susemgr.your_domain.com/XMLRPC. Retain the /XMLRPC at the end. When finished, click OK.

Figure 2.1. Red Hat Update Agent GUI Configuration

Red Hat Update Agent GUI Configuration

Make sure you enter the domain name of your SUSE Manager Server or SUSE Manager Proxy Server correctly. Entering an incorrect domain or leaving the field blank may prevent up2date --configure from launching. This may be resolved, however, by editing the value in the up2date configuration file. Refer to Section 2.2.3, “Updating the Configuration Files Manually” for precise instructions.

[Warning]

Systems running Red Hat Enterprise Linux 3 or 4 have registration functionality built into the Red Hat Update Agent and therefore do not install the Red Hat Network Registration Client. Systems on Red Hat Enterprise Linux 5 do not use up2date , and need rhn_register to register their systems to SUSE Manager and yum and pup to update their packages.

2.2.3. Updating the Configuration Files Manually

As an alternative to the GUI interface described in the previous section, users may also reconfigure the Red Hat Update Agent by editing the application's configuration file.

To configure Red Hat Update Agent on the client systems connecting to the SUSE Manager Proxy Server or SUSE Manager Server, edit the values of the serverURL and noSSLServerURL settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Replace the default URL with the fully qualified domain name (FQDN) for the SUSE Manager Proxy Server or SUSE Manager Server. For example:

serverURL[comment]=Remote server URL
serverURL=https://your_primary.your_domain.com/XMLRPC

noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerURL=http://your_primary.your_domain.com/XMLRPC
[Warning]

The httpProxy setting in /etc/sysconfig/rhn/up2date does not refer to the SUSE Manager Proxy Server. It is used to configure an optional HTTP proxy for the client. With an SUSE Manager Proxy Server in place, the httpProxy setting must be blank (not set to any value).

2.2.4. Implementing Server Failover

Beginning with up2date-4.2.38, the Red Hat Update Agent can be configured to seek updates from a series of SUSE Manager Servers. This can be especially helpful in sustaining constant updates if your primary SUSE Manager Proxy Server or SUSE Manager Server may be taken offline.

To use this feature, first ensure that you are running the required version of up2date . Then manually add the secondary servers to the serverURL and noSSLServerURL settings in the /etc/sysconfig/rhn/up2date configuration file (as root). Add the fully qualified domain names (FQDN) for the Proxy or SUSE Manager immediately after the primary server, separated by a semicolon (;). For example:

serverURL[comment]=Remote server URL
serverURL=https://your_primary.your_domain.com/XMLRPC; 
https://your_secondary.your_domain.com/XMLRPC;

noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerURL=http://your_primary.your_domain.com/XMLRPC; 
https://your_secondary.your_domain.com/XMLRPC;

Connection to the servers is attempted in the order provided here. You can include as many servers as you wish. You may list the central SUSE Manager Servers, as well. This makes sense, however, only if the client systems can reach the Internet.

2.3. The Package Updater Applet

Red Hat Enterprise Linux 5 features a running program on the graphical desktop panel that periodically checks for updates from SUSE Manager server and will alert users when a new update is available.

Figure 2.2. Package Updater Applet

Package Updater Applet

The Package Updater Applet stays in the notification tray of the desktop panel and checks for new updates periodically. The applet also allows you to perform a few package maintenance tasks from the applet by clicking the notification icon and choosing from the following actions:

  • Refresh — Check SUSE Manager for new updates

  • View Updates — launches the Package Updater application so that you can see any available updates in more detail and configure the updates to your specifications

  • Apply Updates — Download and Install all updated packages.

  • Quit — close the applet

2.4. Configuring the Network Alert Notification Tool with SUSE Manager

The Network Alert Notification Tool, the round icon in the panel of your Red Hat Enterprise Linux 3 or 4 desktop, can be configured on systems running Red Hat Enterprise Linux 3 or later to recognize updates available from custom channels on your SUSE Manager Server. You must ensure the SUSE Manager Server is configured to support this feature. (SUSE Manager Proxy Server supports the applet without modification of client or server.) The steps to configure the Network Alert Notification Tool are as follows:

  1. Ensure that your SUSE Manager Server is version 1.2 or later and that you have the rhns-applet package installed on the SUSE Manager. The package can be found in the SUSE Manager software Channel for versions 1.2 and newer.

  2. Retrieve the mgr-applet-actions package with up2date or through the Tools software channel. Install the package on all Red Hat Enterprise Linux 3 and newer client systems to be notified of custom updates with the Network Alert Notification Tool. The client systems must be entitled to the Management or Provisioning service levels.

  3. Within the SUSE Manager's version of the Novell Customer Center website, go to the System Details page for each system and click the link within the RHN Applet area to redirect the Network Alert Notification Tool to the SUSE Manager.

The next time the applet is started, it will apply its new configuration and connect to the SUSE Manager Server for updates.