Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:spacewalk [2016/01/26 22:09] billdozor [Client Check Ins] |
linux_wiki:spacewalk [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 4: | Line 4: | ||
Spacewalk is a centralized system update and config server.\\ | Spacewalk is a centralized system update and config server.\\ | ||
- | Official Site: https://fedorahosted.org/spacewalk/ | + | * Official Site: https://github.com/spacewalkproject/spacewalk |
**Checklist** | **Checklist** | ||
- | * Spacewalk server | + | * Distro(s): Enterprise Linux |
+ | * Other: [[https:// | ||
---- | ---- | ||
Line 43: | Line 44: | ||
* cron => An alternative is to create a cron job to execute every 30 mins and run rhn_check. | * cron => An alternative is to create a cron job to execute every 30 mins and run rhn_check. | ||
* If you do this, you can disable rhnsd, as it provides no other functionality than to run " | * If you do this, you can disable rhnsd, as it provides no other functionality than to run " | ||
+ | * osad => Using osad on the client and osa-dispatcher on the server (with a jabberd daemon as well) is also available. | ||
+ | * **This setup is fragile and not recommended**. | ||
If you do not want to wait for the next automatic check in (via rhnsd or cron), you can force a group of systems to check in by running the " | If you do not want to wait for the next automatic check in (via rhnsd or cron), you can force a group of systems to check in by running the " | ||
Line 51: | Line 54: | ||
for NODE in $(spacecmd group_listsystems dev); do echo " | for NODE in $(spacecmd group_listsystems dev); do echo " | ||
</ | </ | ||
+ | |||
+ | ---- | ||
===== rhnsd config ===== | ===== rhnsd config ===== | ||
Line 67: | Line 72: | ||
* EL6<code bash> | * EL6<code bash> | ||
service rhnsd start</ | service rhnsd start</ | ||
+ | |||
+ | ---- | ||
===== rhn_check Cron Job ===== | ===== rhn_check Cron Job ===== | ||
Line 93: | Line 100: | ||
* EL6<code bash> | * EL6<code bash> | ||
service rhnsd stop</ | service rhnsd stop</ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== osad ===== | ||
+ | |||
+ | Another option for client communication is using the osad daemon (xmpp/ | ||
+ | |||
+ | * This type of setup is very fragile and needs constant babysitting. | ||
+ | * The amount of administration overhead and how often it breaks is not worth the effort for faster execution of scheduled jobs. | ||
+ | * **It is HIGHLY recommended to not go this route** and the rest of this documentation assumes rhnsd or the cron job with rhn_check. | ||
---- | ---- | ||
Line 135: | Line 152: | ||
===== Errata Setup ===== | ===== Errata Setup ===== | ||
- | As of 12/15/2015, CentOS does not generate an " | + | As of 12/15/2015, CentOS does not generate an " |
For a workaround, use a script to scrape the CentOS mailing archive lists for the errata. | For a workaround, use a script to scrape the CentOS mailing archive lists for the errata. | ||
Line 270: | Line 287: | ||
====== Server Services ====== | ====== Server Services ====== | ||
- | Normal Status of Spacewalk | + | Spacewalk |
- | <code bash> | + | |
- | / | + | |
- | postmaster (pid 29875) is running... | + | ===== Removing |
- | router (pid 31614) is running... | + | |
- | sm (pid 31622) is running... | + | |
- | c2s (pid 31630) is running... | + | |
- | s2s (pid 31638) is running... | + | |
- | tomcat6 (pid 29992) is running... | + | |
- | httpd (pid 30115) is running... | + | |
- | osa-dispatcher (pid 31659) is running... | + | |
- | rhn-search is running (30168). | + | |
- | cobblerd (pid 30204) is running... | + | |
- | RHN Taskomatic is running (30236). | + | |
- | </code> | + | |
- | ---- | + | We won't be using osa-dispatcher |
- | + | * EL7<code bash>systemctl disable | |
- | ===== osa-dispatcher | + | systemctl disable jabberd |
- | + | systemctl stop osa-dispatcher | |
- | If osa-dispatcher shows the following: | + | systemctl stop jabberd</ |
- | <code bash> | + | * EL6<code bash>chkconfig |
- | / | + | chkconfig |
- | + | ||
- | osa-dispatcher | + | |
- | </ | + | |
- | + | ||
- | And the following error messages are in its log file: | + | |
- | <code bash> | + | |
- | tail / | + | |
- | + | ||
- | 2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/ | + | |
- | 2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/ | + | |
- | 2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/ | + | |
- | </ | + | |
- | + | ||
- | Fix this by stopping | + | |
- | <code bash> | + | |
- | service jabberd stop | + | |
service osa-dispatcher stop | service osa-dispatcher stop | ||
- | </ | + | service jabberd stop</ |
- | Remove | + | Remove |
- | <code bash> | + | * Edit the script: vim /usr/sbin/spacewalk-service |
- | rm -rf / | + | * Find the variable |
- | </ | + | |
- | + | ||
- | Start jabberd | + | |
- | <code bash> | + | |
- | service | + | |
- | service osa-dispatcher start | + | |
- | </ | + | |
- | + | ||
- | Logs should now show the " | + | |
- | <code bash> | + | |
- | tail /var/log/rhn/ | + | |
- | + | ||
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | + | |
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | + | |
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | + | |
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | + | |
- | </ | + | |
- | + | ||
- | **Warning** | + | |
- | * After recovering | + | |
- | * From a system that has spacecmd installed:< | + | |
---- | ---- | ||
- | ===== Jabber Database Cleanup Script | + | ===== Normal Status of Spacewalk Services |
- | A useful cron job that executes weekly to clean up the jabber database. | + | After removing osa-dispatcher and jabberd, |
- | + | ||
- | / | + | |
<code bash> | <code bash> | ||
- | # Clean up jabber database logs weekly | + | / |
- | # .---------------- minute | + | postmaster |
- | # | .------------- hour (0 - 23) | + | tomcat6 |
- | # | | .---------- day of month (1 - 31) | + | httpd (pid 30115) is running... |
- | # | | | .------- month (1 - 12) OR jan, | + | rhn-search is running |
- | # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun, | + | cobblerd |
- | # | | | | | | + | RHN Taskomatic is running |
- | # * * * * * user-name command to be executed | + | |
- | 00 00 * * sun root / | + | |
</ | </ | ||
- | / | + | * postmaster => Spacewalk Postgres |
- | <code bash> | + | * tomcat6 |
- | ############################################################################################### | + | * httpd => Spacewalk portal website |
- | # | + | |
- | # Name: jabberdb_cleanup-logs | + | * cobblerd |
- | # Description: | + | * RHN Taskomatic => Scheduled jobs viewable in the Spacewalk |
- | ############################################################################################### | + | |
- | + | ||
- | echo -e " | + | |
- | echo -e "==== Jabber | + | |
- | echo -e "===================================" | + | |
- | + | ||
- | echo -e "\n>>Setting database checkpoint..." | + | |
- | sudo -u jabber db_checkpoint -1 -h / | + | |
- | + | ||
- | echo -e " | + | |
- | db_archive -a -h / | + | |
- | + | ||
- | echo -e " | + | |
- | db_archive -d -h / | + | |
- | db-archive-status=$? | + | |
- | + | ||
- | if [[ ${db-archive-status} -eq 0 ]]; then | + | |
- | echo -e "\n>>Log file cleanup completed successfully." | + | |
- | else | + | |
- | | + | |
- | fi | + | |
- | </ | + | |
- | + | ||
- | * **Note**: This requires that / | + | |
- | # | + | |
- | </ | + | |
- | + | ||
- | ---- | + | |
- | + | ||
- | ===== Jabberd Timeout Tuning ===== | + | |
- | + | ||
- | Jabber osad clients were not checking in until the following server timeout changes were made: | + | |
- | + | ||
- | Set jabberd server timeout intervals | + | |
- | <code bash> | + | |
- | sed -i ' | + | |
- | sed -i ' | + | |
- | sed -i ' | + | |
- | </ | + | |
- | + | ||
- | Restart | + | |
- | <code bash> | + | |
- | / | + | |
- | </ | + | |
- | + | ||
- | Clear out the jabberdb | + | |
- | <code bash> | + | |
- | / | + | |
- | </ | + | |
- | + | ||
- | Re-establish osad client connections | + | |
- | <code bash> | + | |
- | for NODE in $(spacecmd system_list); | + | |
- | </ | + | |
---- | ---- | ||
Line 423: | Line 332: | ||
====== Spacewalk SSL Certificates ====== | ====== Spacewalk SSL Certificates ====== | ||
- | Updating the SSL Certificates on the Spacewalk server is more complex than just updating Apache, as the SSL certs are used for: | + | The SSL Certificates on the Spacewalk server is used for: |
* Spacewalk Portal (Apache httpd server) | * Spacewalk Portal (Apache httpd server) | ||
- | * Jabber local daemon components communication | ||
- | * Jabber Spacewalk client to Spacewalk server communication | ||
- | |||
- | Using the following RPM method will allow you to update all applications correctly at the same time. | ||
**Before manipulating either client or CA cert** | **Before manipulating either client or CA cert** | ||
Line 439: | Line 344: | ||
===== Client Certificate ===== | ===== Client Certificate ===== | ||
- | Client Certificate locations: | + | Client Certificate |
* / | * / | ||
* / | * / | ||
Line 463: | Line 368: | ||
* Install new SSL key pair package | * Install new SSL key pair package | ||
* <code bash>rpm -ivh / | * <code bash>rpm -ivh / | ||
- | * Stop Spacewalk | + | * Restart |
- | * <code bash> | + | * <code bash> |
- | rm -rf / | + | |
- | spacewalk-service start</ | + | |
- | * Force an OSAD client re-authentication on each client< | + | |
---- | ---- | ||
Line 508: | Line 410: | ||
* Update the database | * Update the database | ||
* <code bash> | * <code bash> | ||
- | * Stop the Spacewalk | + | * Restart |
- | * <code bash> | + | * <code bash> |
- | rm -rf / | + | |
- | spacewalk-service start</ | + | |
* **Login to each client and update the CA chain** | * **Login to each client and update the CA chain** | ||
* <code bash>rpm -ivh https:// | * <code bash>rpm -ivh https:// | ||
* Each client will have no communication to the Spacewalk server until this is complete. | * Each client will have no communication to the Spacewalk server until this is complete. | ||
- | * Force an OSAD client re-authentication on each client< | ||
---- | ---- | ||