linux_wiki:spacewalk

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
linux_wiki:spacewalk [2016/01/26 22:17]
billdozor [Errata Setup] 		linux_wiki:spacewalk [2016/03/21 22:13]
billdozor [Spacewalk]
Line 4: Line 4:
  
 Spacewalk is a centralized system update and config server.\\ Spacewalk is a centralized system update and config server.\\
-Official Site: https://fedorahosted.org/spacewalk/ +  * Official Site: https://fedorahosted.org/spacewalk/ 
  
 **Checklist** **Checklist**
-  * Spacewalk server installed+  * Distro(s): Enterprise Linux 
 +  * Other: [[https://fedorahosted.org/spacewalk/wiki/HowToInstall|Spacewalk server]] setup
  
 ---- ----
Line 286: Line 287:
 ====== Server Services ====== ====== Server Services ======
  
-Normal Status of Spacewalk Services +Spacewalk server services.
-<code bash> +
-/usr/sbin/spacewalk-service status+
  
-postmaster (pid  29875) is running... +===== Removing osa/jabber =====
-router (pid 31614) is running... +
-sm (pid 31622) is running... +
-c2s (pid 31630) is running... +
-s2s (pid 31638) is running... +
-tomcat6 (pid 29992) is running...                          [  OK  ] +
-httpd (pid  30115) is running... +
-osa-dispatcher (pid  31659) is running... +
-rhn-search is running (30168). +
-cobblerd (pid 30204) is running... +
-RHN Taskomatic is running (30236). +
-</code>+
  
----- +We won't be using osa-dispatcher or jabberd services, so these can safely be disabled. 
- +  * EL7<code bash>systemctl disable osa-dispatcher 
-===== osa-dispatcher dead but pid file exists ===== +systemctl disable jabberd 
- +systemctl stop osa-dispatcher 
-If osa-dispatcher shows the following: +systemctl stop jabberd</code> 
-<code bash> +  * EL6<code bash>chkconfig osa-dispatcher off 
-/etc/init.d/osa-dispatcher status +chkconfig jabberd off
- +
-osa-dispatcher dead but pid file exists +
-</code> +
- +
-And the following error messages are in its log file: +
-<code bash> +
-tail /var/log/rhn/osa-dispatcher.log +
- +
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.__init__ +
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'my-spacewalk-server.local'+
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.register('ERROR', 'Invalid password'+
-</code> +
- +
-Fix this by stopping jabberd and osa-dispatcher (osa-dispatcher will probably show "Failed"): +
-<code bash> +
-service jabberd stop+
 service osa-dispatcher stop service osa-dispatcher stop
-</code>+service jabberd stop</code>
  
-Remove jabberd database files: +Remove osa and jabber from the main spacewalk-service script. 
-<code bash> +  * Edit the scriptvim /usr/sbin/spacewalk-service 
-rm -rf /var/lib/jabberd/db/+  * Find the variable "SERVICES=" and remove "osa-dispatcher" and "jabberd"
-</code> +
- +
-Start jabberd and osa-dispatcher +
-<code bash> +
-service jabberd start +
-service osa-dispatcher start +
-</code> +
- +
-Logs should now show the "Connected to jabber server" message: +
-<code bash> +
-tail /var/log/rhn/osa-dispatcher.log +
- +
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.__init__ +
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'my-spacewalk-server.local'+
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/osa_dispatcher.fix_connection('Upstream notification server started on port', 1290) +
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.process_forever +
-</code> +
- +
-**Warning** +
-  * After recovering the jabberdb in this way, the osad clients on each system need to re-establish a connection. This is done by stopping the osad service on the clients, removing the osad-auth.conf file and starting osad again. +
-  * From a system that has spacecmd installed:<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code>+
  
 ---- ----
  
-===== Jabber Database Cleanup Script =====+===== Normal Status of Spacewalk Services =====
  
-A useful cron job that executes weekly to clean up the jabber database. +After removing osa-dispatcher and jabberd, the status output looks like this:
- +
-/etc/cron.d/jabberdb-cleanup-logs+
 <code bash> <code bash>
-# Clean up jabber database logs weekly+/usr/sbin/spacewalk-service status
  
-# .---------------- minute (0 - 59+postmaster (pid  29875is running... 
-# |  .------------- hour (0 - 23+tomcat6 (pid 29992is running...                          [  OK  ] 
-# |  |  .---------- day of month (1 - 31+httpd (pid  30115) is running... 
-# |  |  |  .------- month (1 - 12OR jan,feb,mar,apr ... +rhn-search is running (30168). 
-# |  |  |  |  .---- day of week (0 - 6(Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat +cobblerd (pid 30204is running... 
-# |  |  |  |  | +RHN Taskomatic is running (30236).
-# *  *  *  *  * user-name command to be executed +
-00 00 * * sun root /root/scripts/jabberdb_cleanup-logs.sh+
 </code> </code>
  
-/root/scripts/jabberdb_cleanup-logs.sh +  * postmaster =Spacewalk Postgres Database 
-<code bash> +  * tomcat6 => Spacewalk application 
-############################################################################################### +  * httpd => Spacewalk portal website 
-#!/bin/bash +  * rhn-search =Searching functionality within the portal 
-# Name: jabberdb_cleanup-logs +  * cobblerd => Provisioning capability 
-# Description: Cleanup jabber database log files +  RHN Taskomatic =Scheduled jobs viewable in the Spacewalk portal
-############################################################################################### +
- +
-echo -e "===================================" +
-echo -e "==== Jabber Database Log Clean ====" +
-echo -e "===================================" +
- +
-echo -e "\n>>Setting database checkpoint..." +
-sudo -u jabber db_checkpoint -1 -h /var/lib/jabberd/db/ +
- +
-echo -e "\n>>The following number of log files will be cleaned:\c " +
-db_archive -a -h /var/lib/jabberd/db/ | wc -l +
- +
-echo -e "\n>>Cleaning up log files..." +
-db_archive -d -h /var/lib/jabberd/db/ +
-db-archive-status=$? +
- +
-if [[ ${db-archive-status} -eq 0 ]]; then +
-  echo -e "\n>>Log file cleanup completed successfully." +
-else +
-  echo -e "\n>>Warning, error cleaning up jabber database. (exit code: ${db-archive-status})" +
-fi +
-</code> +
- +
-  * **Note**: This requires that /etc/sudoers have "requiretty" commented out.<code bash>visudo +
-#Defaults    requiretty +
-</code> +
- +
----- +
- +
-===== Jabberd Timeout Tuning ===== +
- +
-Jabber osad clients were not checking in until the following server timeout changes were made: +
- +
-Set jabberd server timeout intervals +
-<code bash+
-sed -i 's/<interval>.*/<interval>120<\/interval>/' /etc/jabberd/*.xml* +
-sed -i 's/<keepalive>.*/<keepalive>120<\/keepalive>/' /etc/jabberd/*.xml* +
-sed -i 's/<idle>.*/<idle>300<\/idle>/' /etc/jabberd/*.xml* +
-</code> +
- +
-Restart the Spacewalk services +
-<code bash> +
-/usr/sbin/spacewalk-service restart +
-</code> +
- +
-Clear out the jabberdb +
-<code bash> +
-/sbin/service jabberd stop ; /sbin/service osa-dispatcher stop ; rm -Rf /var/lib/jabberd/db/* ; /sbin/service jabberd start ; /sbin/service osa-dispatcher start +
-</code> +
- +
-Re-establish osad client connections +
-<code bash> +
-for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done +
-</code>+
  
 ---- ----
Line 439: Line 332:
 ====== Spacewalk SSL Certificates ====== ====== Spacewalk SSL Certificates ======
  
-Updating the SSL Certificates on the Spacewalk server is more complex than just updating Apache, as the SSL certs are used for:+The SSL Certificates on the Spacewalk server is used for:
   * Spacewalk Portal (Apache httpd server)   * Spacewalk Portal (Apache httpd server)
-  * Jabber local daemon components communication 
-  * Jabber Spacewalk client to Spacewalk server communication 
- 
-Using the following RPM method will allow you to update all applications correctly at the same time. 
  
 **Before manipulating either client or CA cert** **Before manipulating either client or CA cert**
Line 455: Line 344:
 ===== Client Certificate ===== ===== Client Certificate =====
  
-Client Certificate locations:+Client Certificate default locations:
   * /etc/httpd/conf/ssl.crt/server.crt   * /etc/httpd/conf/ssl.crt/server.crt
   * /etc/httpd/conf/ssl.csr/server.csr   * /etc/httpd/conf/ssl.csr/server.csr
Line 479: Line 368:
   * Install new SSL key pair package   * Install new SSL key pair package
     * <code bash>rpm -ivh /root/ssl-build/my-spacewalk-server/rhn-org-httpd-ssl-key-pair-my-spacewalk-server-1.0-2.noarch.rpm</code>     * <code bash>rpm -ivh /root/ssl-build/my-spacewalk-server/rhn-org-httpd-ssl-key-pair-my-spacewalk-server-1.0-2.noarch.rpm</code>
-  * Stop Spacewalk services, clear jabberd's scratch database, start the services +  * Restart Spacewalk services 
-    * <code bash>spacewalk-service stop +    * <code bash>spacewalk-service restart</code>
-rm -rf /var/lib/jabberd/db/+
-spacewalk-service start</code> +
-  * Force an OSAD client re-authentication on each client<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code>+
  
 ---- ----
Line 524: Line 410:
   * Update the database   * Update the database
     * <code bash>rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT</code>     * <code bash>rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT</code>
-  * Stop the Spacewalk services, clear the jabberd scratch database, start services +  * Restart the Spacewalk services 
-    * <code bash>spacewalk-service stop +    * <code bash>spacewalk-service restart</code>
-rm -rf /var/lib/jabberd/db/+
-spacewalk-service start</code>+
   * **Login to each client and update the CA chain**   * **Login to each client and update the CA chain**
     * <code bash>rpm -ivh https://my-spacewalk-server.local/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm</code>     * <code bash>rpm -ivh https://my-spacewalk-server.local/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm</code>
       * Each client will have no communication to the Spacewalk server until this is complete.       * Each client will have no communication to the Spacewalk server until this is complete.
-  * Force an OSAD client re-authentication on each client<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code> 
  
 ---- ----
  
  • linux_wiki/spacewalk.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)