Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:spacewalk [2016/01/26 22:26] billdozor [Server Services] |
linux_wiki:spacewalk [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 4: | Line 4: | ||
Spacewalk is a centralized system update and config server.\\ | Spacewalk is a centralized system update and config server.\\ | ||
- | Official Site: https://fedorahosted.org/spacewalk/ | + | * Official Site: https://github.com/spacewalkproject/spacewalk |
**Checklist** | **Checklist** | ||
- | * Spacewalk server | + | * Distro(s): Enterprise Linux |
+ | * Other: [[https:// | ||
---- | ---- | ||
Line 303: | Line 304: | ||
* Edit the script: vim / | * Edit the script: vim / | ||
* Find the variable " | * Find the variable " | ||
- | </ | ||
---- | ---- | ||
Line 327: | Line 327: | ||
* cobblerd => Provisioning capability | * cobblerd => Provisioning capability | ||
* RHN Taskomatic => Scheduled jobs viewable in the Spacewalk portal | * RHN Taskomatic => Scheduled jobs viewable in the Spacewalk portal | ||
- | |||
- | ---- | ||
- | |||
- | ===== osa-dispatcher dead but pid file exists ===== | ||
- | |||
- | If osa-dispatcher shows the following: | ||
- | <code bash> | ||
- | / | ||
- | |||
- | osa-dispatcher dead but pid file exists | ||
- | </ | ||
- | |||
- | And the following error messages are in its log file: | ||
- | <code bash> | ||
- | tail / | ||
- | |||
- | 2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/ | ||
- | 2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/ | ||
- | 2015/11/03 07:38:05 -05:00 30144 0.0.0.0: osad/ | ||
- | </ | ||
- | |||
- | Fix this by stopping jabberd and osa-dispatcher (osa-dispatcher will probably show " | ||
- | <code bash> | ||
- | service jabberd stop | ||
- | service osa-dispatcher stop | ||
- | </ | ||
- | |||
- | Remove jabberd database files: | ||
- | <code bash> | ||
- | rm -rf / | ||
- | </ | ||
- | |||
- | Start jabberd and osa-dispatcher | ||
- | <code bash> | ||
- | service jabberd start | ||
- | service osa-dispatcher start | ||
- | </ | ||
- | |||
- | Logs should now show the " | ||
- | <code bash> | ||
- | tail / | ||
- | |||
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | ||
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | ||
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | ||
- | 2015/11/03 08:19:43 -05:00 31657 0.0.0.0: osad/ | ||
- | </ | ||
- | |||
- | **Warning** | ||
- | * After recovering the jabberdb in this way, the osad clients on each system need to re-establish a connection. This is done by stopping the osad service on the clients, removing the osad-auth.conf file and starting osad again. | ||
- | * From a system that has spacecmd installed:< | ||
- | |||
- | ---- | ||
- | |||
- | ===== Jabber Database Cleanup Script ===== | ||
- | |||
- | A useful cron job that executes weekly to clean up the jabber database. | ||
- | |||
- | / | ||
- | <code bash> | ||
- | # Clean up jabber database logs weekly | ||
- | |||
- | # .---------------- minute (0 - 59) | ||
- | # | .------------- hour (0 - 23) | ||
- | # | | .---------- day of month (1 - 31) | ||
- | # | | | .------- month (1 - 12) OR jan, | ||
- | # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun, | ||
- | # | | | | | | ||
- | # * * * * * user-name command to be executed | ||
- | 00 00 * * sun root / | ||
- | </ | ||
- | |||
- | / | ||
- | <code bash> | ||
- | ############################################################################################### | ||
- | #!/bin/bash | ||
- | # Name: jabberdb_cleanup-logs | ||
- | # Description: | ||
- | ############################################################################################### | ||
- | |||
- | echo -e " | ||
- | echo -e "==== Jabber Database Log Clean ====" | ||
- | echo -e " | ||
- | |||
- | echo -e " | ||
- | sudo -u jabber db_checkpoint -1 -h / | ||
- | |||
- | echo -e " | ||
- | db_archive -a -h / | ||
- | |||
- | echo -e " | ||
- | db_archive -d -h / | ||
- | db-archive-status=$? | ||
- | |||
- | if [[ ${db-archive-status} -eq 0 ]]; then | ||
- | echo -e " | ||
- | else | ||
- | echo -e " | ||
- | fi | ||
- | </ | ||
- | |||
- | * **Note**: This requires that / | ||
- | # | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ===== Jabberd Timeout Tuning ===== | ||
- | |||
- | Jabber osad clients were not checking in until the following server timeout changes were made: | ||
- | |||
- | Set jabberd server timeout intervals | ||
- | <code bash> | ||
- | sed -i ' | ||
- | sed -i ' | ||
- | sed -i ' | ||
- | </ | ||
- | |||
- | Restart the Spacewalk services | ||
- | <code bash> | ||
- | / | ||
- | </ | ||
- | |||
- | Clear out the jabberdb | ||
- | <code bash> | ||
- | / | ||
- | </ | ||
- | |||
- | Re-establish osad client connections | ||
- | <code bash> | ||
- | for NODE in $(spacecmd system_list); | ||
- | </ | ||
---- | ---- | ||
Line 464: | Line 332: | ||
====== Spacewalk SSL Certificates ====== | ====== Spacewalk SSL Certificates ====== | ||
- | Updating the SSL Certificates on the Spacewalk server is more complex than just updating Apache, as the SSL certs are used for: | + | The SSL Certificates on the Spacewalk server is used for: |
* Spacewalk Portal (Apache httpd server) | * Spacewalk Portal (Apache httpd server) | ||
- | * Jabber local daemon components communication | ||
- | * Jabber Spacewalk client to Spacewalk server communication | ||
- | |||
- | Using the following RPM method will allow you to update all applications correctly at the same time. | ||
**Before manipulating either client or CA cert** | **Before manipulating either client or CA cert** | ||
Line 480: | Line 344: | ||
===== Client Certificate ===== | ===== Client Certificate ===== | ||
- | Client Certificate locations: | + | Client Certificate |
* / | * / | ||
* / | * / | ||
Line 504: | Line 368: | ||
* Install new SSL key pair package | * Install new SSL key pair package | ||
* <code bash>rpm -ivh / | * <code bash>rpm -ivh / | ||
- | * Stop Spacewalk | + | * Restart |
- | * <code bash> | + | * <code bash> |
- | rm -rf / | + | |
- | spacewalk-service start</ | + | |
- | * Force an OSAD client re-authentication on each client< | + | |
---- | ---- | ||
Line 549: | Line 410: | ||
* Update the database | * Update the database | ||
* <code bash> | * <code bash> | ||
- | * Stop the Spacewalk | + | * Restart |
- | * <code bash> | + | * <code bash> |
- | rm -rf / | + | |
- | spacewalk-service start</ | + | |
* **Login to each client and update the CA chain** | * **Login to each client and update the CA chain** | ||
* <code bash>rpm -ivh https:// | * <code bash>rpm -ivh https:// | ||
* Each client will have no communication to the Spacewalk server until this is complete. | * Each client will have no communication to the Spacewalk server until this is complete. | ||
- | * Force an OSAD client re-authentication on each client< | ||
---- | ---- | ||