Motivation Installation & administration Tips & tricks System management with Spacewalk Tips for managing Linux and Solaris Christian Stankowic http://www.stankowic-development.net, @stankowic_devel OpenRheinRuhr, 2014 Christian Stankowic System management with Spacewalk
69
Embed
System management with Spacewalk - cstan.ioblog.christian-stankowic.de/wp-content/uploads/...Motivation Installation & administration Tips & tricks Requirements and necessity Spacewalk
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
MotivationInstallation & administration
Tips & tricks
System management with SpacewalkTips for managing Linux and Solaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Spacewalk variety
2002: First version of Red Hat Network Satellite Server2008: Satellite source code releases as SpacewalkSpacewalk is the upstream project for Red Hat SatelliteServer and SUSE ManagerService contract for SUSE Manager and Red Hat Satelliteneeded, Spacewalk is freeFeatures tested in Spacewalk, often adopted in theEnterprise products
Christian Stankowic System management with Spacewalk
(missing in figure)osad - Open Source Architecture DaemonReal-time system managementAction are started using the Jabber protocolNetwork port 5222/tcp needs to be opened on the client
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Spacewalk architectureAdditional components
tftp-server - required for client network bootcobblerd - automatic TFTP, DHCP and DNS configurationSpacewalk Proxy - software packages are cached locally,reducing load/traffic
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Agenda
1 MotivationRequirements and necessitySpacewalk varietyNews
2 Installation & administrationBasic setup and system maintenanceErrata for CentOSSolaris
Customize to match your company’s structureEnable Solaris support?Create additional user accountsCreate additional organizations and trusts. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Channels, child channels and repositories
Every distribution are mapped to one or more channelsEach channel can consist of multiple child channelsEvery channel is synchronized using a repositoryChannel access can be limited per system
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Creating channels and Repositories
Creation using web interface orspacewalk-common-channels
Tool offers database popular repositories15
Listing 2: Creating needed channels/repositories
1 # spacewalk-common-channels -u admin -a ⤦Ç x86_64 centos6,centos6-updates
2 # spacewalk-common-channels -u admin -a i386 ⤦Ç ’fedora20*’
15e.g. CentOS, EPEL, Fedora, openSUSE, Oracle Linux, Spacewalk clientChristian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Channels, child channels and repositoriesExample
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Channels, child channels and repositoriesAccess limitation per system
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Maintenance tasks
Some possible system maintenance tasks:Installing, updating and removing software packagesApplying errataExecuting shell commandsRestarting systemsUpdating configuration filesand much more. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Maintenance tasksSystem Set Manager
Similar systems can be grouped (web/databaseservers,. . . )All systems of a group can be managed like a single hostFacilitates maintaining big system landscapesTip: groups per application and priority (test, development,production)
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Configuration management
Configuration files16 are stored in one or moreconfiguration channelsChannels can be ordered hierarchically (depending onnetwork/application, . . . )If a configuration file is part of multiple channels the firstoccurrence is selectedUploading/customizing central configuration files using theWebUI
16Symbolic links and binary files are also supported!Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Configuration management
WebUI offers an integrated ASCII editorMacros can insert system profile values (hostname, IPaddress,...)17
Updates stored as revisions, MD5 checksum verificationNo automatic update rollouts
17See Red Hat Satellite documentationChristian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
CEFS - CentOS Errata for Spacewalk
RHEL customers are receiving errata by RHNCentOS fixes are marked as regular updatesCEFS service18 creates errata automatically (mailing lists)CEFS imports errata locallyErrata information can be combined with Red HatSecurity Announcements (RHSA), more details
18Thank you very much, Steve!Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Solaris integration
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Solaris integration
Spacewalk / Red Hat Satellite are offering “UNIXsupport“19
Solaris systems can be registered / managed like LinuxhostsSUN/Oracle Solaris 8 to 10 (x86 + SPARC) officiallysupportedUnofficially also working20:
Oracle Solaris 11OpenIndiana / OpenSolarisIllumos derivates should also work
19deprecated since Spacewalk 2.220successfully tested
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Limitations
Software cannot be imported using repositories.pkg files need to be converted (solaris2mpm) anduploadedReal-time maintenance (osad) not possible, rhnsdchecks periodicallyRemote commands unreliable on somearchitectures/releasesHardware / package information partially errorneous
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Preparation - Spacewalk
Enable Solaris supportRestart Spacewalk / Red Hat SatelliteCreate Solaris base channel and sub-channelsCreate activation key and link with base channel
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Installation - Solaris
Download appropriate Solaris Bootstrap package21:http://spacewalkproject.org/solaris22
Install OpenSSL and ZIP libraries and GCC runtime23
Install Bootstrap package and adjust LD Library pathsRegister system using rhnreg_ks, optionally enableremote configuration (rhn-actions-control)
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Kickstart automation
Enterprise Linux needs Kickstart distribution and profileKS distribution consists of a minimal boot environmentRequired files are stored on DVD or network mirrorsKS profile starts distribution + installationmanual work needed
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Kickstart automation
mkelfs can help you!Python tool for downloading needed files from networkmirrorsCan also create Kickstart distributionsSupports CentOS, Scientific Linux, Fedora26
Download: https://github.com/stdevel/mkelfs
26more distros planned!Christian Stankowic System management with Spacewalk
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Clean-up
All executed tasks are documented as actionsalso includes automated tasks (checking deployedconfigurations)!Additional researching often not required, deleting actionsmostly forgottenResult: database is full unneeded information!
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Clean-up
arsa can help you!Python tool for archiving / deleting actionsGood idea to run as weekly cronjobDownload: https://github.com/stdevel/arsa
Christian Stankowic System management with Spacewalk
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reporting
Management often requests detailed patch reportsMight be essential depending on the companiescertification (e.g. ISO/IEC 27001:2005)Very time-consuming task depending on system landscape
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reporting
satprep can help you!Python toolkit for creating detailed patch reportsReports are created as PDF using TEXLists patch-relevant and also general system informationDownload: https://github.com/stdevel/satprep
Christian Stankowic System management with Spacewalk
Custom info keys defining meta information:SYSTEM_OWNER - System ownerSYSTEM_CLUSTER - Cluster node / standalone systemSYSTEM_MONITORING - monitoring stateSYSTEM_MONITORING_NOTES - notes about systemmonitoringSYSTEM_BACKUP - Backup state. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reportingFunctionality
1 Creating a snapshot of relevant errata / patch information:./satprep_snapshot.py
2 Patching and rebooting systems3 Creating another snapshot: ./satprep_snapshot.py4 Calculating the delta and creating PDF reports:./satprep_diff.py 20141109*.csv
5 (Sign document and be happy about having saved time)
Christian Stankowic System management with Spacewalk
Appendix Further information
Further information I
http://fedorahosted.org/spacewalkSpacewalk wiki.
http://cefs.steve-meier.deCentOS Errata for Spacewalk.Steve Meier
http://red.ht/1mJA1q1Manage Solaris with Spacewalk and Red Hat SatelliteChristian Stankowic, Guest post in official Red Hat blog