Showing posts with label RH401. Show all posts
Showing posts with label RH401. Show all posts
RH401: Create configuration channels
Configuration > configuration channels > create new config channel
fill in the details
Configuration > configuration channels > click on the newly created configuration channel
edit accordingly
fill in the details
Configuration > configuration channels > click on the newly created configuration channel
edit accordingly
RH401: Create groups and add group admins
create a new group:
Systems > System Groups > Create new group
Give a name and description
add a group administrator:
Systems > System Groups > click on the newly created group
Edit group administrators > tick the username of the desired administrator > update
Systems > System Groups > Create new group
Give a name and description
add a group administrator:
Systems > System Groups > click on the newly created group
Edit group administrators > tick the username of the desired administrator > update
RH401: Create different types of users
Users > create new user > fill in the required information > click 'create login'
Users > click on the username > tick roles
Users > click on the username > tick roles
RH401: Set up and configure DHCP
[root@satellite ~]# yum -y install dhcp
[root@satellite ~]# chkconfig dhcpd on
[root@satellite ~]# cp -f /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
cp: overwrite `/etc/dhcp/dhcpd.conf'? y
just add something that's very basic for now:
[root@satellite ~]# vi /etc/dhcp/dhcpd.conf
...
subnet 192.168.200.0 netmask 255.255.255.0 {
}
...
[root@satellite ~]# service dhcpd start
Starting dhcpd: [ OK ]
add configuration directives (look at the examples), and bounce dhcpd.
RH401: Create child channels of a base channel
creating a new software channel:
cloning a child channel from source (rhn or mountpoint)
1. login as channeladmin 2. go to channels > manage software channels > create new channel 3. accomplish the form
cloning a child channel from source (rhn or mountpoint)
[root@satellite ~]# satellite-sync -l -m /var/rhn-sat-import/RHEL6
[root@satellite ~]# satellite-sync -c rhn-tools-rhel-x86_64-server-6 -m /var/rhn-sat-import/RHEL6
RH401: Upload custom RPMS to an RHN Satellite server
edit your rpmmacros file
create your gpg signature:
Okay, we've got two issues. One is the missing "/home/rpmbuild/.gnupg/S.gpg-agent" file, and the other is get_passphrase failure.
The get_passphares issue stems from how terminal sessions are created:
More information here.
So this can simply be solved by logging in directly, e.g. ssh rpmbuild@localhost
The issue with the missing /home/rpmbuild/.gnupg/S.gpg-agent file can be resolved with:
putting all the pieces together:
So much for gnupg, let's go ahead and sign our rpm package:
Export the gpg key:
copy the key to the satellite webserver's pub directory:
This key is now available to client systems for import, e.g.:
As channel administrator, create a new software channel (you'll need the gpg Key ID, fingerprint, and the gpg key url location) and upload the newly-signed RPM.
%_topdir %(echo $HOME)/rpmbuild
%_smp_mflags -j3
%__arch_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot
# add these lines: MNEMONIC for myself: tsgops
%_signature %gpg
%_gpg_name rpmbuild
create your gpg signature:
[rpmbuild@satellite ~]$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/rpmbuild/.gnupg' created
gpg: new configuration file `/home/rpmbuild/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/rpmbuild/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/rpmbuild/.gnupg/secring.gpg' created
gpg: keyring `/home/rpmbuild/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: rpmbuild
Email address: rpmbuild@example.com
Comment:
You selected this USER-ID:
"rpmbuild "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/home/rpmbuild/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[2964]: directory `/home/rpmbuild/.gnupg/private-keys-v1.d' created
gpg-agent[2964]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: Key generation canceled.
Okay, we've got two issues. One is the missing "/home/rpmbuild/.gnupg/S.gpg-agent" file, and the other is get_passphrase failure.
The get_passphares issue stems from how terminal sessions are created:
[root@satellite ~]# ll `tty`
crw--w----. 1 root tty 136, 1 May 15 09:29 /dev/pts/1
[root@satellite ~]# su - rpmbuild
[rpmbuild@satellite ~]$ ll `tty`
crw--w----. 1 root tty 136, 1 May 15 09:29 /dev/pts/1
More information here.
So this can simply be solved by logging in directly, e.g. ssh rpmbuild@localhost
The issue with the missing /home/rpmbuild/.gnupg/S.gpg-agent file can be resolved with:
[rpmbuild@satellite ~]$ gpg-agent --use-standard-socket --daemon
putting all the pieces together:
[rpmbuild@satellite ~]$ rm -rf .gnupg
[rpmbuild@satellite ~]$ ps -ef | grep gpg | grep -v grep
[rpmbuild@satellite ~]$ gpg-agent -v --use-standard-socket --daemon
gpg-agent[3823]: directory `/home/rpmbuild/.gnupg' created
gpg-agent[3823]: directory `/home/rpmbuild/.gnupg/private-keys-v1.d' created
gpg-agent[3823]: listening on socket `/home/rpmbuild/.gnupg/S.gpg-agent'
GPG_AGENT_INFO=/home/rpmbuild/.gnupg/S.gpg-agent:3824:1; export GPG_AGENT_INFO;
[rpmbuild@satellite ~]$ gpg-agent[3824]: gpg-agent (GnuPG) 2.0.14 started
[rpmbuild@satellite ~]$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keyring `/home/rpmbuild/.gnupg/secring.gpg' created
gpg: keyring `/home/rpmbuild/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: rpmbuild
Email address: rpmbuild@example.com
Comment:
You selected this USER-ID:
"rpmbuild "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg-agent[3824]: handler 0x192f720 for fd 6 started
gpg-agent[3824]: S2K calibration: 9868288 iterations for 100ms
gpg-agent[3824]: starting a new PIN Entry
gpg-agent[3824]: starting a new PIN Entry
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg-agent[3824]: handler 0x19313a0 for fd 8 started
gpg-agent[3824]: handler 0x19313a0 for fd 8 terminated
gpg: /home/rpmbuild/.gnupg/trustdb.gpg: trustdb created
gpg: key DF1FDC54 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/DF1FDC54 2012-05-15
Key fingerprint = B017 B8A5 87EC C541 5F2A 9944 D7B1 D47B DF1F DC54
uid rpmbuild
sub 2048R/D0388310 2012-05-15
[rpmbuild@satellite ~]$
[rpmbuild@satellite ~]$ gpg --list-keys
/home/rpmbuild/.gnupg/pubring.gpg
---------------------------------
+-------------------------------------> Key ID, take note
| for key verification
pub 2048R/DF1FDC54 2012-05-15
uid rpmbuild
sub 2048R/D0388310 2012-05-15
So much for gnupg, let's go ahead and sign our rpm package:
[rpmbuild@satellite ~]$ rpm -qpi rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm
Name : fping Relocations: (not relocatable)
Version : 2.4b2 Vendor: (none)
Release : 1.el6 Build Date: Thu 10 May 2012 12:48:59 AM SGT
Install Date: (not installed) Build Host: satellite.localdomain
Group : Application/System Source RPM: fping-2.4b2-1.el6.src.rpm
Size : 36298 License: GPL
Signature : (none)
URL : http://ftp.gnu.org/gnu/fping/fping-2.4b2.tar.gz
Summary : fping compiled on the satellite server
[rpmbuild@satellite ~]$ rpm --resign rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm:
[rpmbuild@satellite ~]$ rpm -qpi rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm
warning: rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID df1fdc54: NOKEY
Name : fping Relocations: (not relocatable)
Version : 2.4b2 Vendor: (none)
Release : 1.el6 Build Date: Thu 10 May 2012 12:48:59 AM SGT
Install Date: (not installed) Build Host: satellite.localdomain
Group : Application/System Source RPM: fping-2.4b2-1.el6.src.rpm
Size : 36298 License: GPL
Signature : RSA/SHA1, Tue 15 May 2012 09:47:58 AM SGT, Key ID d7b1d47bdf1fdc54
URL : http://ftp.gnu.org/gnu/fping/fping-2.4b2.tar.gz
Summary : fping compiled on the satellite server
[rpmbuild@satellite ~]$ rpm -K -v rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm
rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm:
Header V4 RSA/SHA1 Signature, key ID df1fdc54: NOKEY
Header SHA1 digest: OK (403ad9c435ece72e34fc778c92607fac2e121dea)
V4 RSA/SHA1 Signature, key ID df1fdc54: NOKEY
MD5 digest: OK (4f5fd526622b0ee27388d7ea5357270c)
Export the gpg key:
[rpmbuild@satellite ~]$ gpg --export --armor DF1FDC54 > RPM-GPG-KEY
[rpmbuild@satellite ~]$ cat RPM-GPG-KEY
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQENBE+xsAUBCADxCaVz/LFqaL4UDhTQeYorUIRldojUbe+GygH1wBKkZjTQO683
wtrBDwp5s39b5rw8mI6FGNXeBE/KN4aVk0zLpWIlQDOisirc92C0Pa9kIbFsOxY9
HkgBjWWNIEHmaHo85Uhj40SNXudvpQ5QPUDp8YtFJ3TgXQKJPvBE9DnwUbh/I+uJ
nMlkBa5zO5sNxEH5zyNh58jjF9CsVrIzc9PvL7rAfLRGfz9J8tQxa3JgeOu5Gffq
PC2FbSYOw+DNCSS7XsgRCGkFwZYDvHzmSaaSbH8vye3Kx3ckX0nnX0nbHdjAO/gs
koTz3O2PDw3agO9K2IihcWZA17JeSkePgn01ABEBAAG0H3JwbWJ1aWxkIDxycG1i
dWlsZEBleGFtcGxlLmNvbT6JATgEEwECACIFAk+xsAUCGwMGCwkIBwMCBhUIAgkK
CwQWAgMBAh4BAheAAAoJENex1HvfH9xUC4QH/RvK1Cudk/tSOYHep048BmJmxto9
uXNgrmWK/3VD0vvEITpEFW01On+L2hO5Ef4cCIPVlkzS31mePTQjfuCrtmMtX0aw
tDnP79yVoWSdMrQ4Xz8VVoquus5A1XbhFlubOKni0PPg5ReTIpTVP6DJbWKuOzNf
pVWl49AlfDi93BeKQsjsFYPTlpvNocK/U7lM/feHxx/ML2FLN0r7lGmxYUAQ30HS
Q7b8+EpbNSbOPorfOP4ifuqIFYt8gP3vJWh9W9/qQKnGDBRQDrmiMfF1WuRd8sfi
f4dx9CmsNmZcvs5650Ae38UEsLAff4cpGZHxTKQwENwkvsw+LWqQqugh7/u5AQ0E
T7GwBQEIANulyPo4hoEYmx69vlQ5T32DWoqjafw2B2eb4z4BMZJd/n3HIPRa2a1B
CE+G0y70h6gf6NgNuMEIB9U5WBnm/Y/UYMe0MbQaRFI/TH4TMPPS9jUcUZ/xi0na
LaYYE3QYj7PvJpgRTtc/E6W5RlqH+64MiTJSewsxkAcvbydRxBzS738WjsqmTQ3A
fCb/WT1GxQTNF9QAeSNy01h9Xuy0b1+W5ikCMkfDd6pvBNC6FzsRWg/VBT98c5zP
XbE99dIqOZBE/Tf7L4wp12IMCelnGPmQ7LrSFkxO0NlPQh7dQHjeDYv0hDiZayrW
H5N/iA2w1K0JTdNbRn+LfbJ4MkBP3OEAEQEAAYkBHwQYAQIACQUCT7GwBQIbDAAK
CRDXsdR73x/cVIGpB/42MFSSvfxf1m6iloo1XDm/vaPQlqUM4ESJBW3ULnsPvzq1
f+C2++KlGBqWlK1HAUH9f0C0kIlO1zUZ1vP5ZImNjiJAWNMVPbxgpjjMLhAEablp
5+a0pv0zVJA7rWO/aSIcYHJAwrTUUcvzUIAMohbOAiLQuVkKptepGHoz0I1YDTRi
AV51W0FzGYxX/w3EvFk2NYdwJZ4z0ZfrFLd0966EQ7m0CJVnFTWsaTzffsct4m+s
tSigARrBxwEgu6FWaoaBymZ1dwf1FWk/BX8NVizOXnv4OtwjO+sJNYmlGUbdQB12
6wqWk9MHFiyIeiAWObJnHNO9Ii4tfuF5tmiF2yjG
=bH4l
-----END PGP PUBLIC KEY BLOCK-----
copy the key to the satellite webserver's pub directory:
[root@satellite ~]# cd /home/rpmbuild/
[root@satellite rpmbuild]# cp RPM-GPG-KEY /var/www/html/pub/rpmbuild-RPM-GPG-KEY
This key is now available to client systems for import, e.g.:
[root@clientmachine ~]# rpm --import http://satellite/pub/rpmbuild-RPM-GPG-KEY
As channel administrator, create a new software channel (you'll need the gpg Key ID, fingerprint, and the gpg key url location) and upload the newly-signed RPM.
[rpmbuild@satellite ~]$ rhnpush --server=http://satellite/APP \
rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm -c sysadmin-tools
Red Hat Network username: channeladmin
Red Hat Network password:
RH401: Set up an SVN version control repository
on the satellite server:
from a client machine:
[root@satellite ~]# yum -y install subversion
[root@satellite ~]# mkdir -p /var/svn
[root@satellite ~]# svnadmin create /var/svn/myrepo
[root@satellite ~]# mkdir -p myproject/{branches,tags,trunk}
[root@satellite ~]# svn import -m 'initial import' myproject file:///var/svn/myrepo
Adding myproject/trunk
Adding myproject/branches
Adding myproject/tags
[root@satellite ~]# svn list file:///var/svn/myrepo
branches/
tags/
trunk/
from a client machine:
[root@home ~]# yum -y install subversion
[root@home ~]# svn list svn+ssh://root@satellite/var/svn/myrepo
branches/
tags/
trunk/
RH401: Create activation keys
Activation Keys
Activation Keys are used to register systems. Systems registered with an activation key will inherit the characteristics defined by that key.
A management entitlement is required for any system that uses an activation key to register to RHN. If there is no active management entitlement in the account, the Activation Keys option will not be visible under the Systems tab.
Creating an RHN activation key is simple, and it allows you to securely register your systems to RHN or RHN Satellite via the command line. Most commonly, this is used as part of remote kickstart installations in the %post install section.
At this point, you can also associate Child Channels, Groups as well as Configuration Channels (provided you have Provisioning Entitlement) with the key so that systems registered with it automatically subscribe to them.
To change information about a key, such as the channels or groups, click its description in the key list, make your modifications in the appropriate tab, and click the Update Key button. To disassociate channels and groups from a key, deselect them in their respective menus by Ctrl-clicking their highlighted names. To remove a key entirely, click the delete key link in the top-right corner of the edit page.
Once you have created your activation key, you can use it to register any Red Hat Enterprise Linux system from the command line.
sources(requires a redhat account):
Generate a RHN Activation Key ...
How to use rhnreg_ks ...
Activation Keys are used to register systems. Systems registered with an activation key will inherit the characteristics defined by that key.
A management entitlement is required for any system that uses an activation key to register to RHN. If there is no active management entitlement in the account, the Activation Keys option will not be visible under the Systems tab.
Creating an RHN activation key is simple, and it allows you to securely register your systems to RHN or RHN Satellite via the command line. Most commonly, this is used as part of remote kickstart installations in the %post install section.
1. Log in to your RHN account or Satellite server as a user with administrative privileges
2. Go to Systems -> Activation Keys -> Create New Key
3. Fill in the Description field with something meaningful (like "marketing," or "developer")
4. Set the Usage Limit if you wish to enforce a maximum number of systems that can use this key
5. Set Add-On Entitlements to "Provisioning" or "Management" depending on the needs of this system
6. Set Universal Default. Universal Default means that this key will be used for any system
registered to this account that does not specify a key. Set this to "yes" if you want this key to
be the default key; set this to "no" if you want this key to be used only when specified.
At this point, you can also associate Child Channels, Groups as well as Configuration Channels (provided you have Provisioning Entitlement) with the key so that systems registered with it automatically subscribe to them.
To change information about a key, such as the channels or groups, click its description in the key list, make your modifications in the appropriate tab, and click the Update Key button. To disassociate channels and groups from a key, deselect them in their respective menus by Ctrl-clicking their highlighted names. To remove a key entirely, click the delete key link in the top-right corner of the edit page.
Once you have created your activation key, you can use it to register any Red Hat Enterprise Linux system from the command line.
rhnreg_ks --activationkey=
rhnreg_ks --profilename=my_rhel_system01 --activationkey=1-2b48feedf5b5a0e0609ae028d9275c93
rhnreg_ks --profilename=my_rhel_system01 --username=myusername --password=mypw1234
sources(requires a redhat account):
Generate a RHN Activation Key ...
How to use rhnreg_ks ...
RH401: preparing your satellite server virtual machine
If you've forgotten that Virtual Machine Manager creates a 'raw' disk by default (which does't support snapshots), you probably want to convert it to a qcow2 image.
backup your virtual machine configuration
or
create a snapshot xml file
make sure that your vm is offline
this should fail
raw disks doesn't support snapshots. qcow2 does. It uses a sparse file. I don't know how the performance is (since the underlying OS has to keep allocating space on demand) but here's how its done:
do this for all the disks on your vm
edit the vm's config to make use of the new disks
save and exit. create a snapshot
delete whatever is not required, if you are short of disk space like me
once you have verified that everything is working as expected, you may relocate or remove the raw disks.
backup your virtual machine configuration
[root@home ~]# virsh dumpxml satellite > satellite-backup.xml
or
[root@home ~]# cd /etc/libvirt/qemu/
[root@home qemu]# ls
networks satellite.xml
[root@home qemu]# cp satellite.xml ~/satellite-backup.xml
create a snapshot xml file
[root@home ~]# cat satellite.xml
satellite-05072012
test snapshot for satellite server
make sure that your vm is offline
[root@home ~]# virsh list --all
Id Name State
----------------------------------
- satellite shut off
this should fail
[root@home ~]# virsh snapshot-create satellite satellite.xml
error: Requested operation is not valid: Disk
'/var/lib/libvirt/images/satellite.img' does not support snapshotting
[root@home ~]# cd /var/lib/libvirt/images
[root@home images]# ls
lost+found satellite-1.img satellite-2.img satellite-3.img satellite.img
[root@home images]# qemu-img info satellite.img
image: satellite.img
file format: raw
virtual size: 20G (21474836480 bytes)
disk size: 20G
raw disks doesn't support snapshots. qcow2 does. It uses a sparse file. I don't know how the performance is (since the underlying OS has to keep allocating space on demand) but here's how its done:
[root@home images]# qemu-img convert -f raw -O qcow2 -o preallocation=metadata
satellite.img satellite.qcow2
[root@home images]# qemu-img info satellite.qcow2
image: satellite.qcow2
file format: qcow2
virtual size: 20G (21474836480 bytes)
disk size: 13G
cluster_size: 65536
do this for all the disks on your vm
edit the vm's config to make use of the new disks
[root@home ~]# virsh edit satellite
(replace the old raw disks with the new qcow2 disks)
...
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/satellite.qcow2'/>
...
save and exit. create a snapshot
[root@home ~]# export VIRSH_DEBUG=0
[root@home ~]# virsh snapshot-create-as satellite \
satellite-20120509-debug 'satellite server base install'
snapshot-create-as: found option : satellite
snapshot-create-as: trying as domain NAME
Domain snapshot satellite-20120509-debug created
delete whatever is not required, if you are short of disk space like me
[root@home ~]# unset VIRSH_DEBUG
[root@home ~]# virsh snapshot-list satellite
Name Creation Time State
------------------------------------------------------------
1336569081 2012-05-09 21:11:21 +0800 shutoff
satellite-20120509 2012-05-09 21:20:20 +0800 shutoff
satellite-20120509-debug 2012-05-09 21:26:45 +0800 shutoff
[root@home ~]# virsh snapshot-delete satellite 1336569081
[root@home ~]# virsh snapshot-delete satellite satellite-20120509
[root@home ~]# virsh start satellite
once you have verified that everything is working as expected, you may relocate or remove the raw disks.
RH401: Create a custom RPM spec file and build a binary RPM from source code
if you are going to create RPMs, you definitely need gcc
create a build user
setup build user's environment
this takes care of .rpmmacros population and rpmbuild directory tree creation
generate a spec file:
edit the values accordingly. documentation below might help:
let's try to compile fping as an exercise. this package comes with its own spec file, but let's make our own:
we will need to sign this package later before we can upload to the satellite server
[root@satellite ~]# yum -y install gcc openssl-devel
create a build user
[root@satellite ~]# useradd rpmbuild
[root@satellite ~]# su - rpmbuild
setup build user's environment
[rpmbuild@satellite ~] sudo yum install rpmdevtools
[rpmbuild@satellite ~] rpmdev-setuptree
this takes care of .rpmmacros population and rpmbuild directory tree creation
generate a spec file:
[rpmbuild@satellite ~]$ rpmdev-newspec test.spec
test.spec created; type minimal, rpm version >= 4.9.
edit the values accordingly. documentation below might help:
[rpmbuild@satellite ~]$ vi /usr/share/doc/rpm-4.9.1.3/spec
let's try to compile fping as an exercise. this package comes with its own spec file, but let's make our own:
[rpmbuild@satellite ~]$ cd rpmbuild/SOURCES/
[rpmbuild@satellite SOURCES]$ wget http://fping.sourceforge.net/download/fping.tar.gz
...
[rpmbuild@satellite SOURCES]$ ls
fping.tar.gz
[rpmbuild@satellite SOURCES]$ tar -zxvf fping.tar.gz; mv -f fping-2.4b2_to fping-2.4b2
[rpmbuild@satellite SOURCES]$ tar -zcvf fping-2.4b2.tar.gz fping-2.4b2
[rpmbuild@satellite SOURCE]$ cd
[rpmbuild@satellite ~]$ rpmdev-newspec fping.spec
Skeleton specfile (minimal) has been created to "fping.spec".
(edit the spec file to taste)
[rpmbuild@satellite ~]$ rpmbuild -bb fping.spec
...
error: Installed (but unpackaged) file(s) found:
/usr/sbin/fping
/usr/share/man/man8/fping.8.gz
...
(edit the spec file and add these files under %files)
[rpmbuild@satellite ~]$ rpmbuild -bb fping.spec
Wrote: /home/rpmbuild/rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm
[rpmbuild@satellite ~]$ rpm -qpi /home/rpmbuild/rpmbuild/RPMS/x86_64/fping-2.4b2-1.el6.x86_64.rpm
Name : fping Relocations: (not relocatable)
Version : 2.4b2 Vendor: (none)
Release : 1.el6 Build Date: Thu 10 May 2012 12:48:59 AM SGT
Install Date: (not installed) Build Host: satellite.localdomain
Group : Application/System Source RPM: fping-2.4b2-1.el6.src.rpm
Size : 36298 License: GPL
Signature : (none)
URL : http://ftp.gnu.org/gnu/fping/fping-2.4b2.tar.gz
Summary : fping compiled on the satellite server
Description :
fping compiled on the satellite server
as an exercise for EX401
we will need to sign this package later before we can upload to the satellite server
RH401: Add base channels from ISO image
1. Download the "base channels content ISOs" from access.redhat.com, from the same location where you downloaded satellite.
This is not the same as the typical dvd install ISOs. For example, for RHEL 6 "x86_64 + EUS + AUS + RHN Proxy/Tools + Supplementary", I downloaded 6 ISOs approximately 22G in total.
2. Best to place these ISOs on an nfs share or a separate partition, so when you need to reinstall satellite you won't have a problem wiping out the disks.
3. prep work
update: The sync command above was extremely slow on my virtual machine (11 hours), %iowait was pretty high (around 40-50%) and there was constant paging. This is probably due to my virtual disks on "SCSI" disk bus. I read on some post somewhere that this currently has issues (at the time of this writing) and I'll get much better results with "virtio" driver. I also configured my virtual machine to use 2GB of physical memory instead of the recommended 4GB. I then sync'ed a child channel from ISO, it ran pretty quick, with no iowait or paging. Whether it was due to the disk driver or a child-channel sync having a small subset of things to sync, I'll find out on my next reinstall.
This is not the same as the typical dvd install ISOs. For example, for RHEL 6 "x86_64 + EUS + AUS + RHN Proxy/Tools + Supplementary", I downloaded 6 ISOs approximately 22G in total.
2. Best to place these ISOs on an nfs share or a separate partition, so when you need to reinstall satellite you won't have a problem wiping out the disks.
3. prep work
[root@satellite ~]# mkdir -p /var/rhn-sat-import/RHEL6
[root@satellite ~]# mount home:/home/m/software/iso /mnt/nfs
[root@satellite ~]# mount /mnt/nfs/rhn-export-rhel-x86_64-6-20111213.0-01.iso -o loop /mnt/iso/
[root@satellite ~]# cp -ruv /mnt/iso/* /var/rhn-sat-import/RHEL6/
[root@satellite ~]# satellite-sync --list-channels --mount-point /var/rhn-sat-import/RHEL6
[root@satellite ~]# satellite-sync -c rhel-x86_64-server-6 --mount-point /var/rhn-sat-import/RHEL6
update: The sync command above was extremely slow on my virtual machine (11 hours), %iowait was pretty high (around 40-50%) and there was constant paging. This is probably due to my virtual disks on "SCSI" disk bus. I read on some post somewhere that this currently has issues (at the time of this writing) and I'll get much better results with "virtio" driver. I also configured my virtual machine to use 2GB of physical memory instead of the recommended 4GB. I then sync'ed a child channel from ISO, it ran pretty quick, with no iowait or paging. Whether it was due to the disk driver or a child-channel sync having a small subset of things to sync, I'll find out on my next reinstall.
RH401: Install an RHN Satellite server
ingredients
a. RHEL6 base install
b. satellite installation iso
c. Sattelite channel content iso for populating channels later
d. certificate file, should be provided by the examiner, else I don't know how are we going to get this
1. install a basic RHEL6 server
note: if the exam doesn't say anything about SElinux being enabled, DISABLE IT!
if the exam asks for SElinux, install setroubleshoot-server. this will give you sedispatch.
if something is not running as expected, do 'grep AVC /var/log/audit/audit.log | sedispatch', then tail /var/log/messages and follow from there.
2. during install, make sure to allocate enough space for the following:
3. install satellite
* The installer will ask for the certificate file location. make sure to have it beforehand.
* I'm also guessing that the exam will ask for an built-in database install (because there's an option to install satellite only, and configure database connection to a live Oracle database setup within the network. However, if you have time, it doesn't hurt to learn this as well).
* after installation, make sure that httpd is chkconfig'd on. I think mine was off, but I can't really remember.
* Admin account creation is straightforward, as in "next > next > OK" from the web gui
a. RHEL6 base install
b. satellite installation iso
c. Sattelite channel content iso for populating channels later
d. certificate file, should be provided by the examiner, else I don't know how are we going to get this
1. install a basic RHEL6 server
note: if the exam doesn't say anything about SElinux being enabled, DISABLE IT!
if the exam asks for SElinux, install setroubleshoot-server. this will give you sedispatch.
if something is not running as expected, do 'grep AVC /var/log/audit/audit.log | sedispatch', then tail /var/log/messages and follow from there.
2. during install, make sure to allocate enough space for the following:
/var/cache/rhn 10G /rhnsat 12G /var/satellite 30G
3. install satellite
[root@home ~]# virsh start satellite
Domain satellite started
[root@home ~]# virsh list
Id Name State
----------------------------------
1 satellite running
[root@home ~]# virsh console 1
Connected to domain satellite
[root@satellite ~]# mount -o loop /mnt/nfs/satellite-embedded-oracle-5.4.1-20110615-rhel-6-x86_64.iso /mnt/iso
[root@satellite ~]# cd /mnt/iso
[root@satellite iso]# ls
EmbeddedDB install install.pl README Satellite TRANS.TBL updates
[root@satellite iso]# ./install.pl --help
* Starting the Red Hat Network Satellite installer.
usage: ./install.pl [ --help ] [ --answer-file= ] [ --non-interactive ] [ --skip-system-version-test ]
[ --skip-selinux-test ] [ --skip-fqdn-test ] [ --skip-db-install ] [ --skip-db-diskspace-check ]
[ --skip-db-population ] [ --skip-gpg-key-import ] [ --skip-ssl-cert-generation ] [--skip-ssl-vhost-setup]
[ --skip-services-check ] [ --clear-db ] [ --re-register ] [ --disconnected ] [ --upgrade ]
[ --run-updater=] [--run-cobbler] [ --enable-tftp=]
...
[root@satellite iso]# ./install.pl
* The installer will ask for the certificate file location. make sure to have it beforehand.
* I'm also guessing that the exam will ask for an built-in database install (because there's an option to install satellite only, and configure database connection to a live Oracle database setup within the network. However, if you have time, it doesn't hurt to learn this as well).
* after installation, make sure that httpd is chkconfig'd on. I think mine was off, but I can't really remember.
* Admin account creation is straightforward, as in "next > next > OK" from the web gui
RH401: Objectives
objectives:
Install an RHN Satellite server
Add base channels from ISO images
Create child channels of a base channel
Create different types of users
Create groups and add group admins
Create configuration channels
Create a custom RPM spec file and build a binary RPM from source code
Upload custom RPMS to an RHN Satellite server
Create Activation keys
Assign groups, software channels and configuration channels to the Activation key
Configure errata
Provisioning clients using kickstart
Set up and configure DHCP
Configure PXE-boot
Set up an SVN version control repository
Kickstart a machine using Cobbler
Manage virtual systems using RHN Satellite Server
Clone channels and use a cloned channel
Subscribe to:
Posts (Atom)