Managing more than 40 Redhat servers became a hassle and now expensive with redhat charging obscene amounts of money for their RedHat Network update service. Opensource to the rescue!!! Found out about a project called Current that allows you to have a local update server that will connect to RedHat to download updates and then host updates for all the other servers. Only pay for one subscription if you do not want to compile the source which is available for free and save bandwidth.
The whole process was rather confusing, so I decided to put together something on this. The central server and the client are running RedHat Enterprise Linux AS 4 and the version of current used was Current 1.7.2.
Installed the rpm. –> rpm -ivh current-1.7.2-1.noarch.rpm
Edit the /etc/current/current.conf file to your liking. Making sure you have a directory where the database will be held.
Run: cinstall create_apache_config –> This will create configurations file in the /etc/httpd directory.
Run: cinstall create_certificate –> This will create three files in the /etc/current directory. The server.crt will need to be moved to /etc/httpd/conf/ssl.crt/ and the server.key will need to be moved to /etc/httpd/conf/ssl.key/ . The last file “RHNS-CA-CERT” will be moved to /usr/share/rhn and named CURRENT-CA-CERT.
Run: cinstall initdb –> This sets up the database schema. Restart Apache and current should be operational. If you face any problems up to this point then you might need to check for python or database updates.
Run: cadmin create_channel -r ‘release’ -a ‘arch’ -l ‘label’ -n ‘name’. This will create a channel for you. (cadmin create_channel -r 4AS -a i386 -l 4AS -n i386-redhat-linux)
Run: cadmin add_dir -l ‘label’ -d ‘dir’ –> Adds a directory to the channel specified by label. (cadmin add_dir -l 4AS -d /var/spool/up2date)
At this point you should have the local update server pulling updates from RHN and keeping copies of the rpms in /var/spool/up2date. This can be configured by running #up2date –configure.
Copy certificate file CURRENT-CA-CERT to /usr/share/rhn
Edit file /etc/sysconfig/rhn/up2date
o Change sslCACert=/usr/share/rhn/RHNS-CA-CERT
o to sslCACert=/usr/share/rhn/CURRENT-CA-CERT
o Change serverURL=https://www.rhns.redhat.com/XMLRPC
o to serverURL=https://server.somedomain.com/XMLRPC
o Change noSSLServerURL=http://www.rhns.redhat.com/XMLRPC
o to noSSLServerURL=http://server.somedomain.com/XMLRPC
A cron job needs to be set-up to run on a daily basis to check for updates and install them (excluding kernel updates).