This screen is accessed from the home screen: e create entitlement certificates and client configuration RPMs This screen focuses on the two primary client-related utilities: - generation of entitlement certificates that grant access to all or a subset of repositories hosted by the RHUI - creation of RPMs that can be installed on a client to install the entitlement certificate and create a .repo file that will contain definitions to access all of the entitled repos ============================================================================== Generate an Entitlement Certificate e generate an entitlement certificate Much of this functionality existed in RHUI 1.2 as well, so I won't go into too deep of an explanation again here. Does the following: - Prompts the user to select one or more protected repositories (read: those requiring entitlements to access). Both Red Hat and custom repos are displayed. - Prompts the user for the name of the certificate. This is completely arbitrary and will be used as the name of the generated files (cert and private key), but we recommend they choose something that helps identify the products in the cert. - Prompts for where to create the certificates. - Prompts the user for the serial number - Prompts for the number of days the cert should be valid If the user's CA private key requires a password to sign certificates, the user will be prompted at the end of this process. As for when/where the user specifies that CA cert and private key... I'm still deciding. I haven't decided yet if it will be a first launch sort of thing or just an installation instruction to update rhui-tools.conf to point to it. In either case, I don't think that information needs to go here. It will find its way into some other part of the documentation. Sample: ------------------------------------------------------------------------------ rhui (client) => e Select one or more repositories to include in the entitlement certificate: (an * next to a Red Hat repository indicates it is deployed in the RHUI) Custom Repositories - 1 : /protected/$basearch/os Repo 1 Repo 2 Red Hat Repositories - 2 : Red Hat Enterprise Linux Server (RPMs) - 3 : Red Hat Enterprise Linux Server (SRPMS) - 4 : Red Hat Enterprise Linux Server (STS) - 5 : Red Hat Enterprise Linux Server 6 Optional Releases (RPMs) - 6 : Red Hat Enterprise Linux Server 6 Optional Releases (SRPMS) - 7 : Red Hat Enterprise Linux Server 6 Optional Updates (RPMs) - 8 : Red Hat Enterprise Linux Server 6 Optional Updates (SRPMS) - 9 : Red Hat Enterprise Linux Server 6 Releases (RPMs) - 10: Red Hat Enterprise Linux Server 6 Releases (SRPMS) - 11: Red Hat Enterprise Linux Server 6 Updates (RPMs) - 12: Red Hat Enterprise Linux Server 6 Updates (SRPMS) - 13: Red Hat Update Infrastructure 1.2 (RPMs) * - 14: Red Hat Update Infrastructure 1.2 (SRPMS) * Enter value from (1-14) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1 Select one or more repositories to include in the entitlement certificate: (an * next to a Red Hat repository indicates it is deployed in the RHUI) Custom Repositories x 1 : /protected/$basearch/os Repo 1 Repo 2 Red Hat Repositories - 2 : Red Hat Enterprise Linux Server (RPMs) - 3 : Red Hat Enterprise Linux Server (SRPMS) - 4 : Red Hat Enterprise Linux Server (STS) - 5 : Red Hat Enterprise Linux Server 6 Optional Releases (RPMs) - 6 : Red Hat Enterprise Linux Server 6 Optional Releases (SRPMS) - 7 : Red Hat Enterprise Linux Server 6 Optional Updates (RPMs) - 8 : Red Hat Enterprise Linux Server 6 Optional Updates (SRPMS) - 9 : Red Hat Enterprise Linux Server 6 Releases (RPMs) - 10: Red Hat Enterprise Linux Server 6 Releases (SRPMS) - 11: Red Hat Enterprise Linux Server 6 Updates (RPMs) - 12: Red Hat Enterprise Linux Server 6 Updates (SRPMS) - 13: Red Hat Update Infrastructure 1.2 (RPMs) * - 14: Red Hat Update Infrastructure 1.2 (SRPMS) * Enter value from (1-14) to toggle selection, 'c' to confirm selections, or '?' for more commands: 13-14 Select one or more repositories to include in the entitlement certificate: (an * next to a Red Hat repository indicates it is deployed in the RHUI) Custom Repositories x 1 : /protected/$basearch/os Repo 1 Repo 2 Red Hat Repositories - 2 : Red Hat Enterprise Linux Server (RPMs) - 3 : Red Hat Enterprise Linux Server (SRPMS) - 4 : Red Hat Enterprise Linux Server (STS) - 5 : Red Hat Enterprise Linux Server 6 Optional Releases (RPMs) - 6 : Red Hat Enterprise Linux Server 6 Optional Releases (SRPMS) - 7 : Red Hat Enterprise Linux Server 6 Optional Updates (RPMs) - 8 : Red Hat Enterprise Linux Server 6 Optional Updates (SRPMS) - 9 : Red Hat Enterprise Linux Server 6 Releases (RPMs) - 10: Red Hat Enterprise Linux Server 6 Releases (SRPMS) - 11: Red Hat Enterprise Linux Server 6 Updates (RPMs) - 12: Red Hat Enterprise Linux Server 6 Updates (SRPMS) x 13: Red Hat Update Infrastructure 1.2 (RPMs) * x 14: Red Hat Update Infrastructure 1.2 (SRPMS) * Enter value from (1-14) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Name of the certificate. This will be used as the name of the certificate file (name.crt) and its associated private key (name.key). Choose something that will help identify the products contained with it: rhui_and_custom Local directory in which to save the generated certificate [current directory]: /tmp/certs Serial number of the certificate [10]: Number of days the certificate should be valid [365]: Repositories to be included in the entitlement certificate: Custom Entitlements /protected/$basearch/os Red Hat Repositories Red Hat Update Infrastructure 1.2 (RPMs) Red Hat Update Infrastructure 1.2 (SRPMS) Proceed? (y/n) y ......+++ ..+++ Enter pass phrase for /etc/pki/rhui/entitlement-ca-key.pem: Entitlement certificate created at /tmp/certs/rhui_and_custom.crt ------------------------------------------------------------------------------ rhui (client) =>
Create a Client Configuration RPM c create a client configuration RPM from an entitlement certificate Again, this is largely just taken from RHUI Tools 1.2, with a few minor tweaks. The user is prompted for the following: - Directory to store the created RPM - Name of the RPM file (without the .rpm extension) - Version of the RPM - Full path to the entitlement certificate to include (generated from the previous step) - Full path to the private key for the entitlement cert (also generated in the previous step) - Full path to the CA certificate that was used to sign the CDS SSL certificates. This is used when yum on the client attempts to connect to the CDS and wants to verify its end of the SSL connection. - List of all load balancers the client should attempt to contact. - Select zero or more unprotected custom repositories to include. Repos in the generated .repo file will be generated from the entitlements in the certificate and any unprotected repos selected (the unprotected ones need to be selected separately since they don't require entitlements and aren't in the entitlement certificate). RHUI Manager then creates the RPM from the data given. Sample: ------------------------------------------------------------------------------ rhui (client) => c Local directory in which the client configuration files generated by this tool should be stored (if this directory does not exist, it will be created): /tmp/test-client Name of the RPM: test-client Version of the configuration RPM [1.0]: Full path to the entitlement certificate authorizing the client to access specific channels: /tmp/certs/rhui_and_custom.crt Full path to the private key for the above entitlement certificate: /tmp/certs/rhui_and_custom.key Full path to the CA certificate used to sign the CDS SSL certificate: /etc/pki/rhui/entitlement-ca.crt Enter the host names of all load balancers the client should attempt to use, one per line. To finish inputting instances, enter a blank line. -> rhui-lb-1.redhat.com -> rhui-lb-2.redhat.com -> Select any unprotected repositories to be included in the client configuration: - 1 : Unprotected Repo 1 Enter value from (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1 Select any unprotected repositories to be included in the client configuration: x 1 : Unprotected Repo 1 Enter value from (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Successfully created client configuration RPM. RPMs can be found at /tmp/test-client ------------------------------------------------------------------------------ rhui (client) =>
Operation/Client Entitlements LKB
Revision 1-5 LKB
Client Entitlements cert and rpm creation info is now added to the doc.
This book is now available at http://docs.redhat.com/docs/en-US/Red_Hat_Update_Infrastructure/2.0/html/Installation_Guide/index.html Please raise a new bug for any further changes. LKB