linux_wiki:spacewalk

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux_wiki:spacewalk [2016/01/26 22:26]
billdozor [Server Services] 		linux_wiki:spacewalk [2019/05/25 23:50] (current)
Line 4: Line 4:
  
 Spacewalk is a centralized system update and config server.\\ Spacewalk is a centralized system update and config server.\\
-Official Site: https://fedorahosted.org/spacewalk+  * Official Site: https://github.com/spacewalkproject/spacewalk
  
 **Checklist** **Checklist**
-  * Spacewalk server installed+  * Distro(s): Enterprise Linux 
 +  * Other: [[https://github.com/spacewalkproject/spacewalk/wiki/HowToInstall|Spacewalk server]] setup
  
 ---- ----
Line 303: Line 304:
   * Edit the script: vim /usr/sbin/spacewalk-service   * Edit the script: vim /usr/sbin/spacewalk-service
   * Find the variable "SERVICES=" and remove "osa-dispatcher" and "jabberd"   * Find the variable "SERVICES=" and remove "osa-dispatcher" and "jabberd"
-</code> 
  
 ---- ----
Line 327: Line 327:
   * cobblerd => Provisioning capability   * cobblerd => Provisioning capability
   * RHN Taskomatic => Scheduled jobs viewable in the Spacewalk portal   * RHN Taskomatic => Scheduled jobs viewable in the Spacewalk portal
- 
----- 
- 
-===== osa-dispatcher dead but pid file exists ===== 
- 
-If osa-dispatcher shows the following: 
-<code bash> 
-/etc/init.d/osa-dispatcher status 
- 
-osa-dispatcher dead but pid file exists 
-</code> 
- 
-And the following error messages are in its log file: 
-<code bash> 
-tail /var/log/rhn/osa-dispatcher.log 
- 
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.__init__ 
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'my-spacewalk-server.local') 
-2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/jabber_lib.register('ERROR', 'Invalid password') 
-</code> 
- 
-Fix this by stopping jabberd and osa-dispatcher (osa-dispatcher will probably show "Failed"): 
-<code bash> 
-service jabberd stop 
-service osa-dispatcher stop 
-</code> 
- 
-Remove jabberd database files: 
-<code bash> 
-rm -rf /var/lib/jabberd/db/* 
-</code> 
- 
-Start jabberd and osa-dispatcher 
-<code bash> 
-service jabberd start 
-service osa-dispatcher start 
-</code> 
- 
-Logs should now show the "Connected to jabber server" message: 
-<code bash> 
-tail /var/log/rhn/osa-dispatcher.log 
- 
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.__init__ 
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'my-spacewalk-server.local') 
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/osa_dispatcher.fix_connection('Upstream notification server started on port', 1290) 
-2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/jabber_lib.process_forever 
-</code> 
- 
-**Warning** 
-  * After recovering the jabberdb in this way, the osad clients on each system need to re-establish a connection. This is done by stopping the osad service on the clients, removing the osad-auth.conf file and starting osad again. 
-  * From a system that has spacecmd installed:<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code> 
- 
----- 
- 
-===== Jabber Database Cleanup Script ===== 
- 
-A useful cron job that executes weekly to clean up the jabber database. 
- 
-/etc/cron.d/jabberdb-cleanup-logs 
-<code bash> 
-# Clean up jabber database logs weekly 
- 
-# .---------------- minute (0 - 59) 
-# |  .------------- hour (0 - 23) 
-# |  |  .---------- day of month (1 - 31) 
-# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ... 
-# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat 
-# |  |  |  |  | 
-# *  *  *  *  * user-name command to be executed 
-00 00 * * sun root /root/scripts/jabberdb_cleanup-logs.sh 
-</code> 
- 
-/root/scripts/jabberdb_cleanup-logs.sh 
-<code bash> 
-############################################################################################### 
-#!/bin/bash 
-# Name: jabberdb_cleanup-logs 
-# Description: Cleanup jabber database log files 
-############################################################################################### 
- 
-echo -e "===================================" 
-echo -e "==== Jabber Database Log Clean ====" 
-echo -e "===================================" 
- 
-echo -e "\n>>Setting database checkpoint..." 
-sudo -u jabber db_checkpoint -1 -h /var/lib/jabberd/db/ 
- 
-echo -e "\n>>The following number of log files will be cleaned:\c " 
-db_archive -a -h /var/lib/jabberd/db/ | wc -l 
- 
-echo -e "\n>>Cleaning up log files..." 
-db_archive -d -h /var/lib/jabberd/db/ 
-db-archive-status=$? 
- 
-if [[ ${db-archive-status} -eq 0 ]]; then 
-  echo -e "\n>>Log file cleanup completed successfully." 
-else 
-  echo -e "\n>>Warning, error cleaning up jabber database. (exit code: ${db-archive-status})" 
-fi 
-</code> 
- 
-  * **Note**: This requires that /etc/sudoers have "requiretty" commented out.<code bash>visudo 
-#Defaults    requiretty 
-</code> 
- 
----- 
- 
-===== Jabberd Timeout Tuning ===== 
- 
-Jabber osad clients were not checking in until the following server timeout changes were made: 
- 
-Set jabberd server timeout intervals 
-<code bash> 
-sed -i 's/<interval>.*/<interval>120<\/interval>/' /etc/jabberd/*.xml* 
-sed -i 's/<keepalive>.*/<keepalive>120<\/keepalive>/' /etc/jabberd/*.xml* 
-sed -i 's/<idle>.*/<idle>300<\/idle>/' /etc/jabberd/*.xml* 
-</code> 
- 
-Restart the Spacewalk services 
-<code bash> 
-/usr/sbin/spacewalk-service restart 
-</code> 
- 
-Clear out the jabberdb 
-<code bash> 
-/sbin/service jabberd stop ; /sbin/service osa-dispatcher stop ; rm -Rf /var/lib/jabberd/db/* ; /sbin/service jabberd start ; /sbin/service osa-dispatcher start 
-</code> 
- 
-Re-establish osad client connections 
-<code bash> 
-for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done 
-</code> 
  
 ---- ----
Line 464: Line 332:
 ====== Spacewalk SSL Certificates ====== ====== Spacewalk SSL Certificates ======
  
-Updating the SSL Certificates on the Spacewalk server is more complex than just updating Apache, as the SSL certs are used for:+The SSL Certificates on the Spacewalk server is used for:
   * Spacewalk Portal (Apache httpd server)   * Spacewalk Portal (Apache httpd server)
-  * Jabber local daemon components communication 
-  * Jabber Spacewalk client to Spacewalk server communication 
- 
-Using the following RPM method will allow you to update all applications correctly at the same time. 
  
 **Before manipulating either client or CA cert** **Before manipulating either client or CA cert**
Line 480: Line 344:
 ===== Client Certificate ===== ===== Client Certificate =====
  
-Client Certificate locations:+Client Certificate default locations:
   * /etc/httpd/conf/ssl.crt/server.crt   * /etc/httpd/conf/ssl.crt/server.crt
   * /etc/httpd/conf/ssl.csr/server.csr   * /etc/httpd/conf/ssl.csr/server.csr
Line 504: Line 368:
   * Install new SSL key pair package   * Install new SSL key pair package
     * <code bash>rpm -ivh /root/ssl-build/my-spacewalk-server/rhn-org-httpd-ssl-key-pair-my-spacewalk-server-1.0-2.noarch.rpm</code>     * <code bash>rpm -ivh /root/ssl-build/my-spacewalk-server/rhn-org-httpd-ssl-key-pair-my-spacewalk-server-1.0-2.noarch.rpm</code>
-  * Stop Spacewalk services, clear jabberd's scratch database, start the services +  * Restart Spacewalk services 
-    * <code bash>spacewalk-service stop +    * <code bash>spacewalk-service restart</code>
-rm -rf /var/lib/jabberd/db/+
-spacewalk-service start</code> +
-  * Force an OSAD client re-authentication on each client<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code>+
  
 ---- ----
Line 549: Line 410:
   * Update the database   * Update the database
     * <code bash>rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT</code>     * <code bash>rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT</code>
-  * Stop the Spacewalk services, clear the jabberd scratch database, start services +  * Restart the Spacewalk services 
-    * <code bash>spacewalk-service stop +    * <code bash>spacewalk-service restart</code>
-rm -rf /var/lib/jabberd/db/+
-spacewalk-service start</code>+
   * **Login to each client and update the CA chain**   * **Login to each client and update the CA chain**
     * <code bash>rpm -ivh https://my-spacewalk-server.local/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm</code>     * <code bash>rpm -ivh https://my-spacewalk-server.local/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm</code>
       * Each client will have no communication to the Spacewalk server until this is complete.       * Each client will have no communication to the Spacewalk server until this is complete.
-  * Force an OSAD client re-authentication on each client<code bash>for NODE in $(spacecmd system_list); do echo "=>${NODE}"; ssh -qt ${NODE} "sudo /sbin/service osad stop; sudo rm -vf /etc/sysconfig/rhn/osad-auth.conf; sudo /sbin/service osad start"; done</code> 
  
 ---- ----
  
  • linux_wiki/spacewalk.1453865165.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)