RHN Proxy Server 2.1: Installation Guide
Appendix G. Manual Installation and Configuration

G.4. RHN Proxy Broker Server

After installing the Apache Web Server, installing and configuring the HTTP proxy caching server, and installing the RHN Authentication Daemon, it is time to start installing and configuring the RHN Proxy Broker Server component:

  1. The hardware clock of the system that will act as the RHN Proxy Broker Server must be set to UTC.

    Warning

    There is great time sensitivity when connecting to a Web server running SSL; it is imperative the time settings on the clients and server are reasonably close together so the SSL certificate does not expire too quickly. It is recommended NTP be used to synchronize the clocks.

  2. Before installing the rhns-proxy-broker RPM package, the Red Hat Linux system that will act as the RHN Proxy Broker Server must be registered with Spacewalk as a client. Run the Spacewalk Registration Client on the system with the rhn_register command. It gathers software and hardware information about the system, sends the information to the RHN servers, and generates a unique Digital Certificate on the system in the file /etc/sysconfig/rhn/systemid.

  3. The Digital Certificate file must exist before the rhns-proxy-broker RPM package can be installed with the command:

    rpm -Uvh rhns-proxy-broker-<version-number>.rpm
    

    The RHN Proxy Broker Server uses this Digital Certificate for authentication purposes. The post section of the package changes the ownership and permissions of the Digital Certificate file (/etc/sysconfig/rhn/systemid) if it exists. It will exist if you have already registered the system with RHN. Verify that this file is owned by root.apache and has the permissions 0640. Because the RHN Proxy Broker Server is an extension of Apache, the apache user must be able to access the file.

    While installing the rhns-proxy-broker package, you must also install the rhns and rhns-certs-tools packages and their dependencies listed in Section 2.1 Software Requirements.

    The RHN Proxy Broker Server code is installed in /var/www/rhns/proxy and /var/www/rhns/common directories. Settings are configured in /etc/rhn/rhn.conf.

  4. During the configuration of the Apache Web Server, the conf/rhn_proxy_broker.conf file should have been included in the httpd.conf Apache configuration file. Edit the rhn_proxy_broker.conf file to control access to the RHN Proxy Broker Server.

  5. The /etc/rhn/rhn.conf configuration file is divided into four sections: the common section, the RHN Proxy Broker Server section, the RHN Proxy SSL Redirect Server section, and the RHN Authentication Daemon section. The settings in the common section apply globally and can be overridden in the RHN Proxy Broker Server, RHN Proxy SSL Redirect Server, and RHN Authentication Daemon sections. All directives in the RHN Proxy Broker Server section begin with proxy.broker, all directives in the RHN Proxy SSL Redirect Server section begin with proxy.redirect, and all directives in the RHN Authentication Daemon section begin with auth_cache.

    In the common section, at a minimum, set the traceback_mail variable.

    # ___traceback mail___
    traceback_mail = root@mycompany.com, bob@mycompany.com
    
  6. The debug variable can also be set for debugging purposes. The higher the number, the more debugging messages are written to the log file. The highest debug number is 6, and the default value is 5.

    For example:

    # ___logging___
    debug          = 2  # I want a minimal amount of debugging.
    
  7. At a minimum, set the following variables in the RHN Proxy Broker Server section:

    # ___this proxy broker's downstream parent or redirect server___
    # proxy.broker.rhn_parent = xmlrpc.rhn.redhat.com/XMLRPC
    proxy.broker.rhn_parent = rhn_ssl_redirect_box.mycompany.com/XMLRPC_REDIRECT
    
    # ___this proxy broker's cache (e.g. squid)___
    proxy.broker.http_proxy        = squid1.mycompany.com:8080
    proxy.broker.auth_cache_server = 127.0.0.1
    

    Important

    proxy.broker.rhn_parent must be set to a fully qualified URL that can be resolved by all RHN Proxy Server components or a valid IP address. If any component resides on a different machine (outside of the machine that acts as the RHN Proxy Broker Server), proxy.broker.rhn_parent should not be set to 127.0.0.1 or localhost. If it is set to 127.0.0.1 or localhost, the other components may not be able to resolve the URL or IP address to the correct server.

  8. If you are not using an RHN Proxy SSL Redirect Server, set the proxy.broker.rhn_parent directive to xmlrpc.rhn.redhat.com/XMLRPC.

  9. If the port number for the RHN Authentication Daemon is not the default port of 9999, set the proxy.broker.auth_cache_server_port in the configuration file on the RHN Proxy Broker Server.

  10. If you configure the RHN Package Manager, you must specify the stored packages directory. By default, the RHN Package Manager stores packages in the /var/up2date/packages directory. If the RHN Package Manager is configured to store packages in a different directory, that directory must be declared in rhn.conf:

    proxy.broker.pkg_dir = /var/up2date/packages
    

The /var/log/rhn/rhn_proxy_broker.log file contains the log messages for the RHN Proxy Broker Server. The proxy.broker.debug directive in rhn.conf determines how verbose the log messages are for the RHN Proxy Broker Server. Refer to Table G-1 for an explanation of the debug values.
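
The checks from steps 3 and 5 to 7 above, collected into a preflight script. This is an added example, not part of the original guide or of Red Hat's tooling; the function names and the script name preflight.sh are hypothetical, and it assumes GNU stat, that a repeated key takes its last value, and that 0 is the lowest debug level.

```shell
# Added example (not Red Hat code); function names are hypothetical.
# conf_get FILE KEY: value of "KEY = value"; comment lines and trailing "# ..."
# comments are dropped. Assumption: a repeated key takes its last value.
conf_get() {
    awk -v key="$2" '
        {
            line = $0; sub(/[ \t]*#.*$/, "", line)
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_systemid FILE [OWNER GROUP]: step 3, expects root.apache and mode 0640.
check_systemid() {
    f=$1; owner=${2:-root}; group=${3:-apache}
    [ -f "$f" ] || { echo "FAIL: $f missing; run rhn_register first"; return 1; }
    got=$(stat -c '%U.%G %a' "$f")      # GNU stat (assumption)
    [ "$got" = "$owner.$group 640" ] && return 0
    echo "FAIL: $f is $got, expected $owner.$group 640"; return 1
}

# check_rhn_conf FILE: steps 5-7; returns non-zero if anything is flagged.
check_rhn_conf() {
    conf=$1; rc=0
    [ -n "$(conf_get "$conf" traceback_mail)" ] || { echo "FAIL: traceback_mail unset"; rc=1; }
    parent=$(conf_get "$conf" proxy.broker.rhn_parent)
    case ${parent%%/*} in
        "") echo "FAIL: proxy.broker.rhn_parent unset"; rc=1 ;;
        127.0.0.1|127.0.0.1:*|localhost|localhost:*)
            echo "FLAG: rhn_parent is loopback; valid only if every component is on this host"; rc=1 ;;
    esac
    # The component setting overrides the common one; the default is 5.
    dbg=$(conf_get "$conf" proxy.broker.debug)
    [ -n "$dbg" ] || dbg=$(conf_get "$conf" debug)
    case ${dbg:-5} in
        [0-6]) ;;                           # lower bound 0 is an assumption
        *) echo "FAIL: debug=$dbg is not in 0-6"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh preflight.sh /etc/rhn/rhn.conf /etc/sysconfig/rhn/systemid
if [ "$#" -eq 2 ]; then
    st=0; check_rhn_conf "$1" || st=1; check_systemid "$2" || st=1; exit $st
fi
```

The loopback finding is reported as a flag rather than an error because the guide allows it when no component runs on another machine.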

Warning

Modifications to /etc/rhn/rhn.conf take effect immediately, but after modifying any httpd configuration file (/etc/httpd/conf/*.conf), you must "bounce" the HTTP server with the command /sbin/service httpd restart.
