linux_wiki:spacewalk

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux_wiki:spacewalk [2016/01/26 22:14]
billdozor 		linux_wiki:spacewalk [2019/05/25 23:50] (current)
Line 4: Line 4:
  
 Spacewalk is a centralized system update and config server.\\ Spacewalk is a centralized system update and config server.\\
-Official Site: https://fedorahosted.org/spacewalk+  * Official Site: https://github.com/spacewalkproject/spacewalk
  
 **Checklist** **Checklist**
-  * Spacewalk server installed+  * Distro(s): Enterprise Linux 
 +  * Other: [[https://github.com/spacewalkproject/spacewalk/wiki/HowToInstall|Spacewalk server]] setup
  
 ---- ----
Line 43: Line 44:
   * cron => An alternative is to create a cron job to execute every 30 mins and run rhn_check.   * cron => An alternative is to create a cron job to execute every 30 mins and run rhn_check.
     * If you do this, you can disable rhnsd, as it provides no other functionality than to run "run_check".     * If you do this, you can disable rhnsd, as it provides no other functionality than to run "run_check".
 +  * osad => Using osad on the client and osa-dispatcher on the server (with a jabberd daemon as well) is also available.
 +    * **This setup is fragile and not recommended**.
  
 If you do not want to wait for the next automatic check in (via rhnsd or cron), you can force a group of systems to check in by running the "rhn_check" command locally on that system.\\ If you do not want to wait for the next automatic check in (via rhnsd or cron), you can force a group of systems to check in by running the "rhn_check" command locally on that system.\\
Line 149: Line 152:
 ===== Errata Setup ===== ===== Errata Setup =====
  
-As of 12/15/2015, CentOS does not generate an "updateinfo.xml" file in their repodata directories. This file is responsible for the package to errata mappings. (RHEL, Fedora, EPEL, and supposedly Oracle all do this)+As of 12/15/2015, CentOS does not generate an "updateinfo.xml" file in their repodata directories. This file is responsible for the package to errata mappings. (RHEL, Fedora, EPEL, and Oracle all do this)
  
 For a workaround, use a script to scrape the CentOS mailing archive lists for the errata. For a workaround, use a script to scrape the CentOS mailing archive lists for the errata.
Line 284: Line 287:
 ====== Server Services ====== ====== Server Services ======
  
-Normal Status of Spacewalk Services +Spacewalk server services.
-<code bash> +
-/usr/sbin/spacewalk-service status+
  
-postmaster (pid  29875) is running... +===== Removing osa/jabber =====
-router (pid 31614) is running... +
-sm (pid 31622) is running... +
-c2s (pid 31630) is running... +
-s2s (pid 31638) is running... +
-tomcat6 (pid 29992) is running...                          [  OK  ] +
-httpd (pid  30115) is running... +
-osa-dispatcher (pid  31659) is running... +
-rhn-search is running (30168). +
-cobblerd (pid 30204) is running... +
-RHN Taskomatic is running (30236). +
-</code>+
  
----- +We won't be using osa-dispatcher or jabberd services, so these can safely be disabled. 
- +  * EL7<code bash>systemctl disable osa-dispatcher 
-===== osa-dispatcher dead but pid file exists ===== +systemctl disable jabberd 
- +systemctl stop osa-dispatcher 
-If osa-dispatcher shows the following: +systemctl stop jabberd</code> 
-<code bash> +  * EL6<code bash>chkconfig osa-dispatcher off 
-/etc/init.d/osa-dispatcher status +chkconfig jabberd off
- +
-osa-dispatcher dead but pid file exists +
-</code> +
- +
-And the following error messages are in its log file: +
-<code bash> +
-tail /var/log/rhn/osa-dispatcher.log +
- +
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.__init__ +
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'my-spacewalk-server.local'+
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.register('ERROR', 'Invalid password'+
-</code> +
- +
-Fix this by stopping jabberd and osa-dispatcher (osa-dispatcher will probably show "Failed"): +
-<code bash> +
-service jabberd stop+
 service osa-dispatcher stop service osa-dispatcher stop
-</code>+service jabberd stop</code>
  
-Remove jabberd database files: +Remove osa and jabber from the main spacewalk-service script. 
-<code bash> +  * Edit the scriptvim /usr/sbin/spacewalk-service 
-rm -rf /var/lib/jabberd/db/+  * Find the variable "SERVICES=" and remove "osa-dispatcher" and "jabberd"
-</code> +
- +
-Start jabberd and osa-dispatcher +
-<code bash> +
-service jabberd start +
-service osa-dispatcher start +
-</code> +
- +
-Logs should now show the "Connected to jabber server" message: +
-<code bash> +
-tail /var/log/rhn/osa-dispatcher.log +
- +
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.__init__ +
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'my-spacewalk-server.local'+
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/osa_dispatcher.fix_connection('Upstream notification server started on port', 1290) +
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.process_forever +
-</code> +
- +
-**Warning** +
-  * After recovering the jabberdb in this way, the osad clients on each system need to re-establish a connection. This is done by stopping the osad service on the clients, removing the osad-auth.conf file and starting osad again. +
-  * From a system that has spacecmd installed:<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code>+
  
 ---- ----
  
-===== Jabber Database Cleanup Script =====+===== Normal Status of Spacewalk Services =====
  
-A useful cron job that executes weekly to clean up the jabber database. +After removing osa-dispatcher and jabberd, the status output looks like this:
- +
-/etc/cron.d/jabberdb-cleanup-logs+
 <code bash> <code bash>
-# Clean up jabber database logs weekly+/usr/sbin/spacewalk-service status
  
-# .---------------- minute (0 - 59+postmaster (pid  29875is running... 
-# |  .------------- hour (0 - 23+tomcat6 (pid 29992is running...                          [  OK  ] 
-# |  |  .---------- day of month (1 - 31+httpd (pid  30115) is running... 
-# |  |  |  .------- month (1 - 12OR jan,feb,mar,apr ... +rhn-search is running (30168). 
-# |  |  |  |  .---- day of week (0 - 6(Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat +cobblerd (pid 30204is running... 
-# |  |  |  |  | +RHN Taskomatic is running (30236).
-# *  *  *  *  * user-name command to be executed +
-00 00 * * sun root /root/scripts/jabberdb_cleanup-logs.sh+
 </code> </code>
  
-/root/scripts/jabberdb_cleanup-logs.sh +  * postmaster =Spacewalk Postgres Database 
-<code bash> +  * tomcat6 => Spacewalk application 
-############################################################################################### +  * httpd => Spacewalk portal website 
-#!/bin/bash +  * rhn-search =Searching functionality within the portal 
-# Name: jabberdb_cleanup-logs +  * cobblerd => Provisioning capability 
-# Description: Cleanup jabber database log files +  RHN Taskomatic =Scheduled jobs viewable in the Spacewalk portal
-############################################################################################### +
- +
-echo -e "===================================" +
-echo -e "==== Jabber Database Log Clean ====" +
-echo -e "===================================" +
- +
-echo -e "\n>>Setting database checkpoint..." +
-sudo -u jabber db_checkpoint -1 -h /var/lib/jabberd/db/ +
- +
-echo -e "\n>>The following number of log files will be cleaned:\c " +
-db_archive -a -h /var/lib/jabberd/db/ | wc -l +
- +
-echo -e "\n>>Cleaning up log files..." +
-db_archive -d -h /var/lib/jabberd/db/ +
-db-archive-status=$? +
- +
-if [[ ${db-archive-status} -eq 0 ]]; then +
-  echo -e "\n>>Log file cleanup completed successfully." +
-else +
-  echo -e "\n>>Warning, error cleaning up jabber database. (exit code: ${db-archive-status})" +
-fi +
-</code> +
- +
-  * **Note**: This requires that /etc/sudoers have "requiretty" commented out.<code bash>visudo +
-#Defaults    requiretty +
-</code> +
- +
----- +
- +
-===== Jabberd Timeout Tuning ===== +
- +
-Jabber osad clients were not checking in until the following server timeout changes were made: +
- +
-Set jabberd server timeout intervals +
-<code bash+
-sed -i 's/<interval>.*/<interval>120<\/interval>/' /etc/jabberd/*.xml* +
-sed -i 's/<keepalive>.*/<keepalive>120<\/keepalive>/' /etc/jabberd/*.xml* +
-sed -i 's/<idle>.*/<idle>300<\/idle>/' /etc/jabberd/*.xml* +
-</code> +
- +
-Restart the Spacewalk services +
-<code bash> +
-/usr/sbin/spacewalk-service restart +
-</code> +
- +
-Clear out the jabberdb +
-<code bash> +
-/sbin/service jabberd stop ; /sbin/service osa-dispatcher stop ; rm -Rf /var/lib/jabberd/db/* ; /sbin/service jabberd start ; /sbin/service osa-dispatcher start +
-</code> +
- +
-Re-establish osad client connections +
-<code bash> +
-for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done +
-</code>+
  
 ---- ----
Line 437: Line 332:
 ====== Spacewalk SSL Certificates ====== ====== Spacewalk SSL Certificates ======
  
-Updating the SSL Certificates on the Spacewalk server is more complex than just updating Apache, as the SSL certs are used for:+The SSL Certificates on the Spacewalk server is used for:
   * Spacewalk Portal (Apache httpd server)   * Spacewalk Portal (Apache httpd server)
-  * Jabber local daemon components communication 
-  * Jabber Spacewalk client to Spacewalk server communication 
- 
-Using the following RPM method will allow you to update all applications correctly at the same time. 
  
 **Before manipulating either client or CA cert** **Before manipulating either client or CA cert**
Line 453: Line 344:
 ===== Client Certificate ===== ===== Client Certificate =====
  
-Client Certificate locations:+Client Certificate default locations:
   * /etc/httpd/conf/ssl.crt/server.crt   * /etc/httpd/conf/ssl.crt/server.crt
   * /etc/httpd/conf/ssl.csr/server.csr   * /etc/httpd/conf/ssl.csr/server.csr
Line 477: Line 368:
   * Install new SSL key pair package   * Install new SSL key pair package
     * <code bash>rpm -ivh /root/ssl-build/my-spacewalk-server/rhn-org-httpd-ssl-key-pair-my-spacewalk-server-1.0-2.noarch.rpm</code>     * <code bash>rpm -ivh /root/ssl-build/my-spacewalk-server/rhn-org-httpd-ssl-key-pair-my-spacewalk-server-1.0-2.noarch.rpm</code>
-  * Stop Spacewalk services, clear jabberd's scratch database, start the services +  * Restart Spacewalk services 
-    * <code bash>spacewalk-service stop +    * <code bash>spacewalk-service restart</code>
-rm -rf /var/lib/jabberd/db/+
-spacewalk-service start</code> +
-  * Force an OSAD client re-authentication on each client<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code>+
  
 ---- ----
Line 522: Line 410:
   * Update the database   * Update the database
     * <code bash>rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT</code>     * <code bash>rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT</code>
-  * Stop the Spacewalk services, clear the jabberd scratch database, start services +  * Restart the Spacewalk services 
-    * <code bash>spacewalk-service stop +    * <code bash>spacewalk-service restart</code>
-rm -rf /var/lib/jabberd/db/+
-spacewalk-service start</code>+
   * **Login to each client and update the CA chain**   * **Login to each client and update the CA chain**
     * <code bash>rpm -ivh https://my-spacewalk-server.local/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm</code>     * <code bash>rpm -ivh https://my-spacewalk-server.local/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm</code>
       * Each client will have no communication to the Spacewalk server until this is complete.       * Each client will have no communication to the Spacewalk server until this is complete.
-  * Force an OSAD client re-authentication on each client<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code> 
  
 ---- ----
  
  • linux_wiki/spacewalk.1453864495.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)