Motivation Installation & administration Tips & tricks System management with Spacewalk Tips for managing Linux and Solaris Christian Stankowic http://www.stankowic-development.net, @stankowic_devel Free and Open Source Software Conference, 2014 Christian Stankowic System management with Spacewalk
69
Embed
System management with Spacewalk - FrOSCon · System management with Spacewalk Tips for managing Linux and Solaris Christian Stankowic ... Solaris, Power management5 Solaris, RHN
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
MotivationInstallation & administration
Tips & tricks
System management with SpacewalkTips for managing Linux and Solaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Requirements and necessityor: IT administrators tortures
Normally less administrators manage many systemsOften rapid projects and requests
"We need 10 servers ASAP.""We need this till the end of the week - tomorrow.""Can you make those adjustments quickly? I’m having ademo with the management soon."
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Requirements and necessityor: IT administrators tortures
Resultat: Standards and documentation are often neglected
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Requirements and necessityProduct variety
Central system management is essential - but which tool?The variety is very big, some examples1
PuppetChefAnsible. . .
Alternative suites: Spacewalk, Red Hat Satellite, SUSEManagerCombines amongst others software, configuration andcontent management
1These tools are only offering some of the Spacewalk featuresChristian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Agenda
1 MotivationRequirements and necessitySpacewalk varietyNews
2 Installation & administrationBasic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Spacewalk variety
2002: First version of Red Hat Network Satellite Server2008: Satellite source code releases as SpacewalkSpacewalk is the upstream project for Red Hat SatelliteServer and SUSE ManagerService contract for SUSE Manager and Red Hat Satelliteneeded, Spacewalk is freeFeatures tested in Spacewalk, often adopted in theEnterprise products
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Common features
Multi-client-capabilityConfiguration managementSoftware/update managementContent provisioning/caching, no dedicated downloads perclient necessary
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Common features
System provisioningSecurity and license auditingCrash reportingMonitoring2
2Nagios / Icinga is definitely more powerful!Christian Stankowic System management with Spacewalk
(missing in figure)osad - Open Source Architecture DaemonReal-time system managementAction are started using the Jabber protocolNetwork port 5222/tcp needs to be opened on the client
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Spacewalk architectureAdditional components
tftp-server - required for client network bootcobblerd - automatic TFTP, DHCP and DNS configurationSpacewalk Proxy - software packages are cached locally,reducing load/traffic
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Requirements and necessitySpacewalk varietyNews
Agenda
1 MotivationRequirements and necessitySpacewalk varietyNews
2 Installation & administrationBasic setup and system maintenanceErrata for CentOSSolaris
Customize to match your company’s structureEnable Solaris support?Create additional user accountsCreate additional organizations and trusts. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Channels, child channels and repositories
Every distribution are mapped to one or more channelsEach channel can consist of multiple child channelsEvery channel is synchronized using a repositoryChannel access can be limited per system
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Channels, child channels and repositoriesExample
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Channels, child channels and repositoriesAccess limitation per system
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Maintenance tasks
Some possible system maintenance tasks:Installing, updating and removing software packagesApplying errataExecuting shell commandsRestarting systemsUpdating configuration filesand much more. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Maintenance tasksSystem Set Manager
Similar systems can be grouped (web/databaseservers,. . . )All systems of a group can be managed like a single hostFacilitates maintaining big system landscapesTip: groups per application and priority (test, development,production)
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Configuration management
Configuration files15 are stored in one or moreconfiguration channelsChannels can be ordered hierarchically (depending onnetwork/application, . . . )If a configuration file is part of multiple channels the firstoccurrence is selectedUploading/customizing central configuration files using theWebUI
15Symbolic links and binary files are also supported!Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Configuration management
WebUI offers an integrated ASCII editorMacros can insert system profile values (hostname, IPaddress,...)16
Updates stored as revisions, MD5 checksum verificationNo automatic update rollouts
16See Red Hat Satellite documentationChristian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
CEFS - CentOS Errata for Spacewalk
RHEL customers are receiving errata by RHNCentOS fixes are marked as regular updatesCEFS service17 creates errata automatically (mailing lists)CEFS imports errata locallyErrata information can be combined with Red HatSecurity Announcements (RHSA), more details
17Thank you very much, Steve!Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Solaris integration
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Solaris integration
Spacewalk / Red Hat Satellite are offering “UNIXsupport“18
Solaris systems can be registered / managed like LinuxhostsSUN/Oracle Solaris 8 to 10 (x86 + SPARC) officiallysupportedUnofficially also working19:
Oracle Solaris 11OpenIndiana / OpenSolarisIllumos derivates (napp-it, SmartOS,. . . ) should also work
18deprecated since Spacewalk 2.219successfully tested
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Limitations
Software cannot be imported using repositories.pkg files need to be converted (solaris2mpm) anduploadedReal-time maintenance (osad) not possible, rhnsdchecks periodicallyRemote commands unreliable on somearchitectures/releasesHardware / package information partially errorneous
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Preparation - Spacewalk
Enable Solaris supportRestart Spacewalk / Red Hat SatelliteCreate Solaris base channel and sub-channelsCreate activation key and link with base channel
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Basic setup and system maintenanceErrata for CentOSSolaris
Installation - Solaris
Download appropriate Solaris Bootstrap package20:http://spacewalkproject.org/solaris21
Install OpenSSL and ZIP libraries and GCC runtime22
Install Bootstrap package and adjust LD Library pathsRegister system using rhnreg_ks, enable remoteconfiguration (rhn-actions-control, optional)
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Kickstart automation
Enterprise Linux needs Kickstart distribution and profileKS distribution consists of a minimal boot environmentRequired files are stored on DVD or network mirrorsKS profile starts distribution + installationDisadvantage: manual work needed
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Kickstart automation
mkelfs can help you!Python tool for downloading needed files from networkmirrorsCan also create Kickstart distributionsSupports CentOS, Scientific Linux, FedoraDownload: https://github.com/stdevel/mkelfs
Christian Stankowic System management with Spacewalk
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Clean-up
All executed tasks are documented as actionsalso includes automated tasks (checking deployedconfigurations)!Additional researching often not required, deleting actionsmostly forgottenResult: database is full unneeded information!
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Clean-up
arsa can help you!Python tool for archiving / deleting actionsGood idea to run as weekly cronjobDownload: https://github.com/stdevel/arsa
Christian Stankowic System management with Spacewalk
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reporting
Management often requests detailed patch reportsMight be essential depending on the companiescertification (e.g. ISO/IEC 27001:2005)Very time-consuming task depending on system landscapeThere must be a way to automate this. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reporting
satprep can help you!Python toolkit for creating detailed patch reportsReports are created as PDF using TEXLists patch-relevant and also general system informationDownload: https://github.com/stdevel/satprep
Christian Stankowic System management with Spacewalk
1 Creating a snapshot of relevant errata / patch information:./satprep_snapshot.py
2 Patching and rebooting systems3 Creating another snapshot: ./satprep_snapshot.py4 Calculating the delta and creating PDF reports:./satprep_diff.py 20140707*.csv
5 (Sign document and be happy about having saved time)
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reportingFunctionality
Custom info keys defining meta information:SYSTEM_OWNER - System ownerSYSTEM_CLUSTER - Cluster node / standalone systemSYSTEM_MONITORING - monitoring stateSYSTEM_MONITORING_NOTES - notes about systemmonitoringSYSTEM_BACKUP - Backup state. . .
Christian Stankowic System management with Spacewalk
MotivationInstallation & administration
Tips & tricks
Kickstart automationClean-upPatch reporting
Patch reportingCustomization
Reports customization:Potrait / landscapeCompany logoSelecting particular system, patch and errata informationConventional TEXdocument is used as template
Christian Stankowic System management with Spacewalk
Appendix Further information
Further information I
http://fedorahosted.org/spacewalkSpacewalk wiki.
http://cefs.steve-meier.deCentOS Errata for Spacewalk.Steve Meier
http://red.ht/1mJA1q1Manage Solaris with Spacewalk and Red Hat SatelliteChristian Stankowic, Guest post in official Red Hat blog