At work, we have an RHN satellite that is registered against RHN, and pulls down all the updates as necessary for the 32-bit and 64-bit RHEL servers that we have in our network. We currently have 34 RHEL servers in operation, with the expectation to grow past 40, all without virtualization. When we really start taking advantage of Xen and/or KVM, so our developers each have their own sandbox, our RHEL saturation will grow past 200. We need a simple way to manage this. My solution was simple: install clusterssh on my Linux desktop, then write a simple script to automate the regestration. First, the script:
# Register the machine with the local satellite
# Replace 'server.com' with the FQDN of your satellite server
rpm -Uvh http://server.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
sed -i 's/https:\/\/xmlrpc.rhn.redhat.com/https:\/\/server.com/' /etc/sysconfig/rhn/up2date
sed -i 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/' /etc/sysconfig/rhn/up2date
if rpm -q yum &> /dev/null; then
yum clean all
yum -y update
This script doesn’t have much to it, but it sure beats the pants off doing it manually. It installs the SSL certificate necessary for communicating with the satellite. Note: if your date timestamp is not in sync with the satellite, then the SSL certificate will fail validation against the satellite, and you won’t be able to continue. It would be ideal if you are taking advantage of NTP, encrypted or unencrypted, to keep all your dates in sync.
After installing the certificate, we make only two edits to the /etc/sysconfig/rhn/up2date file, pointing our updates to our satellite and telling it the certificate that it needs to use. After which, we run ‘rhn_register’ to register ourselves against the satellite. This will require interaction, specifying your username and password to login to the satellite, and so forth. Lastly, after the registration, we update our system to grab and install the latest packages.
Now, with 200 possible RHEL systems, doing this on each system one by one could be problematic. My solution? I installed clusterssh to manage the large amounts of servers that I’m interacting with. I then created a .csshrc file to store all the profiles that I need. Now, when I’m ready to register the systems, I can do them in bulk, rather than one at a time. Of course, you can have X11 forwarding to your display, if you want, as clusterssh reads the standard SSH config file in your home directory, as clusterssh is just a frontend to multiple SSH connections. This could get messy though, with several popups on your desktop. Your mileage may vary.
Now, the results. I have just registered 16 RHEL 5.2 servers against my satellite in the time in would take me to do one. Good thing for good GNU/Linux tools and a little bit of hackery.