Penn State Departmental Red Hat satellite server client config
This script has been updated. It will work for all RHEL 3-5 systems.
To config your system automatically:
1.Type the following command at a command prompt, you will need to be root to run it successfully.
wget -qO- http://computerstore.psu.edu/rhn/bootstrap.sh| /bin/bash
2.You may wish to run up2date (RHEL 3 & 4) or yum (RHEL 5) after the above command.
Here is the script as text if you prefer to view it before execution:
#!/bin/bash
echo "RHN Satellite Server Client bootstrap script v4.0"
# This file was autogenerated. Minor manual editing of this script (and
# possibly the client-config-overrides.txt file) may be necessary to complete
# the bootstrap setup. Once customized, the bootstrap script can be triggered
# in one of two ways (the first is preferred):
#
# (1) centrally, from the RHN Satellite Server via ssh (i.e., from the
# RHN Satellite Server):
# cd /var/www/html/pub/bootstrap/
# cat bootstrap-.sh | ssh root@ /bin/bash
#
# ...or...
#
# (2) in a decentralized manner, executed on each client, via wget or curl:
# wget -qO- https:///pub/bootstrap/bootstrap-.sh | /bin/bash
# ...or...
# curl -Sks https:///pub/bootstrap/bootstrap-.sh | /bin/bash
# SECURITY NOTE:
# Use of these scripts via the two methods discussed is the most expedient
# way to register machines to your RHN Satellite Server. Since "wget" is used
# throughout the script to download various files, a "Man-in-the-middle"
# attack is theoretically possible.
#
# The actual registration process is performed securely via SSL, so the risk
# is minimized in a sense. This message merely serves as a warning.
# Administrators need to appropriately weigh their concern against the
# relative security of their internal network.
# PROVISIONING/KICKSTART NOTE:
# If provisioning a client, ensure the proper CA SSL public certificate is
# configured properly in the post section of your kickstart profiles (the
# RHN Satellite or hosted web user interface).
# UP2DATE/RHN_REGISTER VERSIONING NOTE:
# This script will not work with very old versions of up2date and
# rhn_register.
# can be edited, but probably correct (unless created during initial install):
# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
ACTIVATION_KEYS=not_used
ORG_GPG_KEY=psu-pgp.txt
# can be edited, but probably correct:
CLIENT_OVERRIDES=client-config-overrides.txt
HOSTNAME=redhat.its.psu.edu
ORG_CA_CERT=rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
ORG_CA_CERT_IS_RPM_YN=1
USING_SSL=1
USING_GPG=1
REGISTER_THIS_BOX=1
ALLOW_CONFIG_ACTIONS=0
ALLOW_REMOTE_COMMANDS=0
FULLY_UPDATE_THIS_BOX=0
#
# -----------------------------------------------------------------------------
# DO NOT EDIT BEYOND THIS POINT -----------------------------------------------
# -----------------------------------------------------------------------------
#
# Make sure the user is root
if [ `whoami` != "root" ] ; then
echo "ERROR: You must be root to register with the satellite"
exit 1
fi
# an idea from Erich Morisse (of Red Hat).
# use either wget *or* curl
# Also check to see if the version on the
# machine supports the insecure mode and format
# command accordingly.
if [ -x /usr/bin/wget ] ; then
output=`LC_MESSSAGES=C /usr/bin/wget --no-check-certificate 2>&1`
error=`echo $output | grep "unrecognized option"`
if [ -z "$error" ] ; then
FETCH="/usr/bin/wget -q -r -nd --no-check-certificate"
else
FETCH="/usr/bin/wget -q -r -nd"
fi
else
if [ -x /usr/bin/curl ] ; then
output=`LC_MESSSAGES=C /usr/bin/curl -k 2>&1`
error=`echo $output | grep "is unknown"`
if [ -z "$error" ] ; then
FETCH="/usr/bin/curl -SksO"
else
FETCH="/usr/bin/curl -SsO"
fi
fi
fi
HTTP_PUB_DIRECTORY=http://${HOSTNAME}/pub
HTTPS_PUB_DIRECTORY=https://${HOSTNAME}/pub
if [ $USING_SSL -eq 0 ] ; then
HTTPS_PUB_DIRECTORY=${HTTP_PUB_DIRECTORY}
fi
echo
echo "UPDATING RHN_REGISTER/UP2DATE CONFIGURATION FILES"
echo "-------------------------------------------------"
echo "* downloading necessary files"
echo " client_config_update.py..."
rm -f client_config_update.py
$FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/client_config_update.py
echo " ${CLIENT_OVERRIDES}..."
rm -f ${CLIENT_OVERRIDES}
$FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES}
if [ ! -f "client_config_update.py" ] ; then
echo "ERROR: client_config_update.py was not downloaded"
exit 1
fi
if [ ! -f "${CLIENT_OVERRIDES}" ] ; then
echo "ERROR: ${CLIENT_OVERRIDES} was not downloaded"
exit 1
fi
echo "* running the update scripts"
if [ -f "/etc/sysconfig/rhn/rhn_register" ] ; then
echo " . rhn_register config file"
/usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/rhn_register ${CLIENT_OVERRIDES}
fi
echo " . up2date config file"
/usr/bin/python -u client_config_update.py /etc/sysconfig/rhn/up2date ${CLIENT_OVERRIDES}
YUM=up2date
if [ -f /usr/bin/yum ] ; then
YUM=yum
fi
if [ ! -z "$ORG_GPG_KEY" ] ; then
echo
echo "* importing organizational GPG key"
rm -f ${ORG_GPG_KEY}
$FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_GPG_KEY}
# get the major version of up2date
# this will also work for RHEL 5 and systems where no up2date is installed
res=$(LC_MESSAGES=C rpm -q --queryformat '%{version}' up2date | sed -e 's/\..*//g')
if [ "$res" = 2 ] ; then
gpg $(up2date --gpg-flags) --import $ORG_GPG_KEY
else
if [ "$YUM" = yum ] ; then
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
rpm --import $ORG_GPG_KEY
else
rpm --import /usr/share/rhn/RPM-GPG-KEY
rpm --import $ORG_GPG_KEY
fi
fi
fi
echo
echo "* attempting to install corporate public CA cert"
if [ $USING_SSL -eq 1 ] ; then
if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then
rpm -Uvh ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT}
else
rm -f ${ORG_CA_CERT}
$FETCH ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT}
mv ${ORG_CA_CERT} /usr/share/rhn/
fi
fi
echo
echo "REGISTRATION"
echo "------------"
# Should have created an activation key or keys on the RHN Satellite Server's
# website and edited the value of ACTIVATION_KEYS above.
#
# If you require use of several different activation keys, copy this file and
# change the string as needed.
#
if [ $REGISTER_THIS_BOX -eq 1 ] ; then
echo "* registering"
# /usr/sbin/rhnreg_ks --force --activationkey "$ACTIVATION_KEYS"
/usr/sbin/rhn_register --nox
if [ $? != 0 ] ; then
echo "There was an error trying to register please see the above text"
exit 1
fi
echo
echo "*** this system should now be registered, please verify ***"
echo
else
if [ "$YUM" = yum ] ; then
echo "yum upgrade yum yum-rhn-plugin; rhn-profile-sync"
else
echo "up2date up2date; up2date -p"
fi
fi
echo
echo "OTHER ACTIONS"
echo "------------------------------------------------------"
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
if [ "$YUM" = yum ] ; then
echo "yum upgrade yum yum-rhn-plugin; rhn-profile-sync; yum upgrade"
else
echo "up2date up2date; up2date -p; up2date -uf (conditional)"
fi
else
echo "up2date up2date; up2date -p"
fi
echo "but any post configuration action can be added here. "
echo "------------------------------------------------------"
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
echo "* completely updating the box"
else
echo "* ensuring $YUM itself is updated"
fi
if [ "$YUM" = yum ] ; then
/usr/bin/yum upgrade yum yum-rhn-plugin
if [ -f /usr/sbin/rhn-profile-sync ] ; then
/usr/sbin/rhn-profile-sync
else
echo "Error updating system info in RHN Satellite."
echo " Please ensure that rhn-profile-sync in installed and rerun it."
fi
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
/usr/bin/yum upgrade
fi
else
/usr/sbin/up2date up2date
/usr/sbin/up2date -p
if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then
/usr/sbin/up2date -uf
fi
fi
echo "-bootstrap complete-"