Anatomy of Satellite Certificates
Satellite certificates are used by Satellite 5.x deployments. They are not used on Community Enterprise Operating System 7 or by the subscription service.
Every system has to have a secure, authoritative way to identify what subscriptions are available. For Satellite 5.x systems, this identification is done through a digitally-signed XML document that lists the products and quantities that a customer has purchased.
As with entitlement certificates, a Satellite certificate contains the information about the subscription that was purchased, including the total number of systems that can be registered against that subscription and its start and end dates.
There are two types of subscriptions:
- System entitlements are subscriptions for services that can be performed, such as monitoring, provisioning, and virtualization.
- Channel entitlements, or content entitlements, provide access to the different software product download channels on CentOS Network. These include Community Enterprise Linux add-ons like Supplementary and FastTrack and layered products like CentOS Directory Server.
Both types can be included in a single Satellite certificate.
A system entitlement and the metadata for an entitlement are both configured similarly in the certificate:
<rhn-cert-field name="configuration_area">value</rhn-cert-field>
The name argument identifies what entity is being configured. This can be the organization which ordered the subscription (name="owner"), the start and end dates for the entitlement (name="issued" and name="expires"), or the entitlement itself. A system entitlement uses the name argument to set the service being entitled; every content entitlement is set as a name="channel-families" type, with the specific product identified in an additional family argument.
The first section of the Satellite certificate is the metadata. The metadata identifies the organization which purchased it and the start and end dates of the entitlement. The field being set is in the name argument, while the value is between the tags. The last lines of the certificate also set metadata for the subscription, including the version of the Satellite and the signature that signs the XML document (and allows the XML file to be used as a certificate).
<rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
<rhn-cert-field name="owner">Example Corp</rhn-cert-field>
<rhn-cert-field name="issued">2009-04-07 10:18:33</rhn-cert-field>
<rhn-cert-field name="expires">2009-11-25 00:00:00</rhn-cert-field>
... [snip] ...
<rhn-cert-field name="satellite-version">5.3</rhn-cert-field>
<rhn-cert-field name="generation">2</rhn-cert-field>
<rhn-cert-signature>
-----BEGIN PGP SIGNATURE-----
Version: Crypt::OpenPGP 1.03

iQBGBAARAwAGBQJJ22C+AAoJEJ5ynaAAAAkyyZ0An18+4hK5Ozt4HWieFvahsTnF
aPcaAJ0e5neOfdDZRLOgDE+Tp/Im3Hc3Rg==
=gqP7
-----END PGP SIGNATURE-----
</rhn-cert-signature>
The name="slots" field lists how many total systems are allowed to use this Satellite certificate to receive content. It is a global quantity.
<rhn-cert-field name="slots">119</rhn-cert-field>
The system entitlements are set by identifying the service type in the name argument and then setting the quantity as the value within the tags.
<rhn-cert-field name="provisioning-slots">117</rhn-cert-field>
<rhn-cert-field name="monitoring-slots">20</rhn-cert-field>
<rhn-cert-field name="virtualization_host">67</rhn-cert-field>
The content entitlements can include any combination of products, including base Community Enterprise Linux subscriptions, variations of Community Enterprise Linux, Community Enterprise Linux add-ons, and general software products. General Community Enterprise Linux server subscriptions are listed in the rhel-server family, while a specific Virtualization Server subscription provides an additional rhel-server-vt family.
<rhn-cert-field name="channel-families" quantity="95" family="rhel-server"/>
<rhn-cert-field name="channel-families" quantity="67" family="rhel-server-vt"/>
Add-ons and products for Community Enterprise Linux systems (but not necessarily operating system products) are also in a rhel-* family, because that refers to the platform the product is supported on. In this example, CentOS Directory Server is in the rhel-rhdirserv family.
<rhn-cert-field name="channel-families" quantity="3" family="rhel-rhdirserv"/>
Most subscriptions will also include a subscription tool set that manages and enables client features such as provisioning or configuration management when the clients are registered to RHN Classic or Satellite 5.x.
<rhn-cert-field name="channel-families" quantity="212" family="rhn-tools"/>
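The field layout described above can be read with a short parser. The following Python is an added example, not code from the original page or from Satellite itself; the <rhn-cert> wrapper element, the placeholder signature and the function names are assumptions, and the sample certificate is constructed from the snippets above. It sorts fields into metadata, system entitlements and channel families, then checks that a signature block is present and that the validity window holds; it does not verify the PGP signature, so the parsed values are untrusted until that is done separately.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample built from the field snippets on this page. The <rhn-cert>
# wrapper element and the signature placeholder are assumptions for illustration.
SAMPLE_CERT = """<rhn-cert>
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Example Corp</rhn-cert-field>
  <rhn-cert-field name="issued">2009-04-07 10:18:33</rhn-cert-field>
  <rhn-cert-field name="expires">2009-11-25 00:00:00</rhn-cert-field>
  <rhn-cert-field name="slots">119</rhn-cert-field>
  <rhn-cert-field name="provisioning-slots">117</rhn-cert-field>
  <rhn-cert-field name="virtualization_host">67</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="95" family="rhel-server"/>
  <rhn-cert-field name="channel-families" quantity="3" family="rhel-rhdirserv"/>
  <rhn-cert-field name="satellite-version">5.3</rhn-cert-field>
  <rhn-cert-signature>PLACEHOLDER-SIGNATURE</rhn-cert-signature>
</rhn-cert>"""

METADATA = {"product", "owner", "issued", "expires", "satellite-version", "generation"}
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

def parse_satellite_cert(xml_text):
    """Split the certificate into metadata, system entitlements and channel families."""
    root = ET.fromstring(xml_text)
    cert = {"metadata": {}, "system": {}, "channels": {}}
    for field in root.iter("rhn-cert-field"):
        name = field.get("name")
        if name == "channel-families":  # content entitlement: family + quantity attributes
            cert["channels"][field.get("family")] = int(field.get("quantity"))
        elif name in METADATA:          # value sits between the tags
            cert["metadata"][name] = (field.text or "").strip()
        else:                           # system entitlement: quantity between the tags
            cert["system"][name] = int(field.text)
    sig = root.findtext("rhn-cert-signature")
    cert["has_signature"] = bool(sig and sig.strip())
    return cert

def check_cert(cert, now):
    """Return a list of problems; an empty list means the basic checks passed."""
    problems = []
    if not cert["has_signature"]:  # presence only; PGP verification is a separate step
        problems.append("missing signature")
    meta = cert["metadata"]
    issued = datetime.strptime(meta["issued"], TIME_FORMAT)
    expires = datetime.strptime(meta["expires"], TIME_FORMAT)
    if not issued <= now < expires:
        problems.append("outside validity window")
    return problems
```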
After explaining how to configure the network, this part discusses topics related to networking such as how to allow remote logins, share files and directories over the network, and set up a Web server.