Testing connectivity to Red Hat

If you are on 2.3.3.4 or 2.3.3.5, deployment of the Red Hat Satellite Server Version 6.10 virtual system pattern requires connectivity to Red Hat over the internet. If you are on 2.3.3.6, deployment of the Red Hat Satellite Server Version 6.11 virtual system pattern requires connectivity to Red Hat over the internet.

Before deploying the Red Hat® Satellite Server virtual system pattern, verify the virtual machines (running in the same cloud group) have connectivity to the Red Hat Subscription Management Services (access.redhat.com) and Red Hat CDN (cdn.redhat.com). The virtual machine hosting the Red Hat Satellite Server on Cloud Pak System requires access over HTTPS. Use one of the following URLs to prove connectivity with the Red Hat Network and replicate content from the Red Hat Network or Security First.
Red Hat Network
  • https://access.redhat.com
  • subscription.rhsm.redhat.com
Red Hat Content Distribution Network
  • https://cdn.redhat.com
Security First
  • https://ipayum.securityfirstcorp.com

Verify that a virtual machine in the same IP group in which you plan to deploy the Red Hat Satellite Server virtual system pattern can access these URLs. Use a tool such as wget or curl.

The following example shows a successful HTTPS connection to https://access.redhat.com using curl.
[virtuser@hostname1 ~]$ curl -v -k -I https://access.redhat.com/
* About to connect() to access.redhat.com port 443 (#0)
* Trying <hostname1_IPaddress>... connected
* Connected to access.redhat.com (<hostname1_IPaddress>) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=NC; L=Raleigh; O=Red Hat, Inc.; OU=Web Operations; CN=access.redhat.com
* start date: 2014-10-17 20:30:01 GMT
* expire date: 2015-10-17 20:29:57 GMT
* subjectAltName: access.redhat.com matched
* issuer: C=NL; L=Amsterdam; O=Verizon Enterprise Solutions; OU=Cybertrust; CN=Verizon Akamai SureServer CA G14-SHA1
* SSL certificate verify ok.
> HEAD / HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-unknown-linux-gnu) libcurl/7.21.3 OpenSSL/1.0.1e zlib/1.2.3
> Host: access.redhat.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache
Server: Apache
< X-Powered-By: PHP/5.3.3
X-Powered-By: PHP/5.3.3
< X-Trace: 1B9F961738EA37FCDAC82C5B1CFD4A4D50F0CD41A2E62CB8819FEC5940
X-Trace: 1B9F961738EA37FCDAC82C5B1CFD4A4D50F0CD41A2E62CB8819FEC5940
< Content-Language: en
Content-Language: en
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Tue, 21 Jul 2015 14:19:14 GMT
Expires: Tue, 21 Jul 2015 14:19:14 GMT
< Date: Tue, 21 Jul 2015 14:19:14 GMT
Date: Tue, 21 Jul 2015 14:19:14 GMT
< Connection: keep-alive
Connection: keep-alive
* no chunk, no close, no size. Assume close to signal end

If you do not have a direct connection to the internet from within your data center, you can use a forward proxy to connect to the internet. Ensure that the forward proxy does not terminate the outbound SSL connection to https://access.redhat.com and https://cdn.redhat.com. In the example that follows, the line starting with * issuer shows that the issuer of the certificate is an external party. If you see an issuer from your own organization instead, the SSL connection was terminated by the forward proxy, which has a certificate issued by your own organization installed.

There are times when it can be valuable to prove that SSL termination is indeed switched off in your proxy server. The following example shows how you can prove this, using curl to access https://access.redhat.com through a proxy server.
[virtuser@hostname1 ~]$ curl -v -k -I -x proxy.emea.ibm.com:80 https://access.redhat.com/
* About to connect() to proxy proxy.emea.ibm.com port 80 (#0)
* Trying <hostname1_IPaddress>... connected
* Connected to proxy.emea.ibm.com (<hostname1_IPaddress>) port 80 (#0)
* Establish HTTP proxy tunnel to access.redhat.com:443
> CONNECT access.redhat.com:443 HTTP/1.1
> Host: access.redhat.com:443
> User-Agent: curl/7.21.3 (x86_64-unknown-linux-gnu) libcurl/7.21.3 OpenSSL/1.0.1e zlib/1.2.3
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=NC; L=Raleigh; O=Red Hat, Inc.; OU=Web Operations; CN=access.redhat.com
* start date: 2014-10-17 20:30:01 GMT
* expire date: 2015-10-17 20:29:57 GMT
* subjectAltName: access.redhat.com matched
* issuer: C=NL; L=Amsterdam; O=Verizon Enterprise Solutions; OU=Cybertrust; CN=Verizon Akamai SureServer CA G14-SHA1
* SSL certificate verify ok.
> HEAD / HTTP/1.1
> User-Agent: curl/7.21.3 (x86_64-unknown-linux-gnu) libcurl/7.21.3 OpenSSL/1.0.1e zlib/1.2.3
> Host: access.redhat.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache
Server: Apache
< X-Powered-By: PHP/5.3.3
X-Powered-By: PHP/5.3.3
< Content-Language: en
Content-Language: en
< X-Cnection: close
X-Cnection: close
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Tue, 21 Jul 2015 14:22:26 GMT
Expires: Tue, 21 Jul 2015 14:22:26 GMT
< Date: Tue, 21 Jul 2015 14:22:26 GMT
Date: Tue, 21 Jul 2015 14:22:26 GMT
< Connection: keep-alive
Connection: keep-alive
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
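
The issuer check described above can be scripted. The following is an added example, not part of the original documentation, that parses curl -v output and reports whether the certificate issuer belongs to your own organization. The function names, the ORG_PATTERN argument, the PROXY placeholder and the Example Corp sample are assumptions; the first sample reuses the certificate lines from the listing above.

```sh
#!/bin/sh
# Added example. Reads `curl -v` output and reports whether TLS reached the
# origin or was terminated by a forward proxy, based on the issuer line.
# Needed because -k lets curl continue past a failed verification, so a
# 200 response alone does not show who presented the certificate.

# Print the certificate issuer found in curl -v output on stdin. A wrapped
# continuation line is joined; with several issuer lines the last one wins.
extract_issuer() {
    awk '
        /^\*[ \t]*issuer:/ { sub(/^\*[ \t]*issuer:[ \t]*/, ""); issuer = $0; grab = 1; next }
        grab && /^[^*<>]/  { issuer = issuer " " $0 }
        { grab = 0 }
        END { if (issuer != "") print issuer }'
}

# Print "terminated" if the issuer matches ORG_PATTERN (assumed: an extended
# regex for your organization's CA name), "end-to-end" if not, and "unknown"
# if no issuer line was found. Always returns 0 so it is safe under set -e.
classify_issuer() {
    if [ -z "$1" ]; then echo unknown
    elif printf '%s\n' "$1" | grep -Eiq -- "$2"; then echo terminated
    else echo end-to-end
    fi
}

tls_path_verdict() {   # $1 = curl -v output, $2 = ORG_PATTERN
    classify_issuer "$(printf '%s\n' "$1" | extract_issuer)" "$2"
}

# Subject and issuer lines as shown in the page's listing, wrapped the same way.
SAMPLE_DIRECT='* Server certificate:
* subject: C=US; ST=NC; L=Raleigh; O=Red Hat, Inc.; OU=Web Operations;
CN=access.redhat.com
* issuer: C=NL; L=Amsterdam; O=Verizon Enterprise Solutions; OU=Cybertrust;
CN=Verizon Akamai SureServer CA G14-SHA1
* SSL certificate verify ok.'

# Constructed sample: what an intercepting proxy with an internal CA looks like.
SAMPLE_INTERCEPTED='* Server certificate:
* subject: CN=access.redhat.com
* issuer: C=US; O=Example Corp; CN=Example Corp Proxy CA
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.'

echo "direct sample:      $(tls_path_verdict "$SAMPLE_DIRECT" 'O=Example Corp')"
echo "intercepted sample: $(tls_path_verdict "$SAMPLE_INTERCEPTED" 'O=Example Corp')"
# Live use (PROXY is a placeholder for your proxy host:port):
#   tls_path_verdict "$(curl -sv -k -I -x "$PROXY" https://access.redhat.com/ 2>&1)" 'O=Example Corp'
```

Run the same check against https://cdn.redhat.com as well, since a proxy can treat the two hosts differently.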