Monday Apr 29, 2013

Installing Spacewalk to manage Oracle Linux

Spacewalk is a popular Linux management tool that can be used to manage several operating systems, including the Red Hat Enterprise Linux derivatives like CentOS and Scientific Linux, Debian and even Solaris.

While the Spacewalk installation instructions are very thorough, here is a brief guide to installing Spacewalk on Oracle Linux 6. It is possible to install on Oracle Linux 5, but it requires a lot more manual intervention as the Unbreakable Linux Network packages installed on Oracle Linux 5 conflict with some Spacewalk packages. You should use both the Spacewalk installation instructions in combination with this guide to install Spacewalk.

Pre-requisites

This guide assumes that you are familiar with the Oracle Linux 6 installation process, as well as basic system administration tasks, including registering with the Unbreakable Linux Network (ULN) or configuring YUM to use public-yum.oracle.com.  The Oracle Linux 6 Administrator's Solutions Guide provides more information on these tasks.

Oracle Linux 6 Installation

This guide uses Oracle Linux 6.4 (x86_64). Download Oracle Linux 6.4 from the Oracle Software Delivery Cloud or one of the mirrors. You can choose either to do a "Basic Server" install, or a "Minimal" install. I recommend performing a "Basic Server" install as this provides basic system administration tools. If you are using a previous version of Oracle Linux 6, please ensure it is either registered with the Unbreakable Linux Network or is configured to use public-yum.oracle.com for updates.

You should assign both a fixed hostname as well as a fixed IP address for your Spacewalk server. The hostname should be resolvable via DNS on your network.

Pre-Requisite Installation

Binary packages of Spacewalk are available through YUM repositories at ‚Äčhttp://yum.spacewalkproject.org/. To use this repository, install the spacewalk-repo package with commands below:

# rpm -Uvh http://yum.spacewalkproject.org/1.9/RHEL/6/x86_64/spacewalk-repo-1.9-1.el6.noarch.rpm

Additional repositories and packages

For Spacewalk on Oracle Linux 6, additional dependencies are needed from JPackage. Please configure the following yum repository before beginning your Spacewalk installation:

cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
[jpackage-generic]
name=JPackage generic
#baseurl=http://mirrors.dotsrc.org/pub/jpackage/5.0/generic/free/
mirrorlist=http://www.jpackage.org/mirrorlist.php?dist=generic&type=free&release=5.0
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
EOF 

We specifically want the 5.0 generic directory in the above URL.

Spacewalk requires additional dependencies from the Enterprise Packages for Enterprise Linux (EPEL) repository. To enable this repository run the following command:

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm 

Database Server

Spacewalk supports either Oracle Database 10g or higher or PostgreSQL 8.4 or higher to store its primary data. While Oracle Database XE is supported by Spacewalk, it is not supported by Oracle. Therefore, we recommend either using an existing Oracle Database Standard or Enterprise Edition server or using PostgreSQL. 

Oracle Database Setup

Installation of an Oracle Database server is outside the scope of this walk-through. We assume you have an existing Oracle Database server installed and available. The spacewalk user needs to have the CONNECT and RESOURCE roles as well as the ALTER SESSION, CREATE SYNONYM,CREATE TABLE and CREATE VIEW system privileges.

You will also need to make the following code change on your Spacewalk server, after you have installed the Spacewalk software:

# diff -u /etc/sysconfig/rhn/oracle/main.sql-20110504 /etc/sysconfig/rhn/oracle/main.sql
--- main.sql-20110504	2011-04-08 21:40:53.000000000 +0200
+++ main.sql	2011-05-04 14:20:24.000000000 +0200
@@ -38940,6 +38940,12 @@
 
 
 -- Source: data/common/rhnPackageSyncBlacklist.sql
+
+select lookup_package_name('gpg-pubkey') from dual;
+
+select lookup_package_name('rhns-ca-cert') from dual;
+
+select lookup_package_name('rhn-org-trusted-ssl-cert') from dual;
     
 insert into rhnPackageSyncBlacklist (package_name_id)
 	values (lookup_package_name('gpg-pubkey')); 

Without this change, the Spacewalk installation fails with the following error in /var/log/rhn/populate_db.log:

ORA-02291: integrity constraint (SPACEWALK.RHN_PACKAGESYNCBL_PNID_FK) violated - parent key not found 

The Oracle Instant Client packages can be installed from ULN by subscribing to the Oracle Software channel and running the following command:

# yum install oracle-instantclient11.2-basic oracle-instantclient11.2-sqlplus

If you are not subscribed to ULN, you can download the Oracle Instant Client RPMs from the Oracle Technology Network and install them manually.

Once the Oracle Instant Client has been installed, you need to add the library path to ldconfig:

# echo /usr/lib/oracle/11.2/client64/lib > /etc/ld.so.conf.d/oracle-instantclient11.2-basic.conf
# ldconfig

Spacewalk Installation

If you want to use the PostgreSQL embedded backend on the same server as Spacewalk:

# yum install spacewalk-setup-embedded-postgresql 
# yum install spacewalk-postgresql

If you want to use an Oracle Database backend:

# yum install spacewalk-oracle 

The rest of this guide uses an Oracle Database backend. Don't forget to make the code change listed under Oracle Database Setup before continuing!

The Spacewalk binary packages are missing a dependency on the geronimo-jta-1.1-api RPM, so install it manually:

# yum install geronimo-jta-1.1-api

Configuring Spacewalk

Your Spacewalk server should have a resolvable FQDN such as 'hostname.domain.com'. If the installer complains that the hostname is not the FQDN, do not use the --skip-fqdn-test flag to skip.

If you installed spacewalk-setup-embedded-postgresql above, run

# spacewalk-setup --disconnected

If you set up the database server manually (either on the same or on a different machine), run

# spacewalk-setup --disconnected --external-db

A sample interactive install:

 # spacewalk-setup --disconnected --external-db
* Setting up Oracle environment.
* Setting up database.
** Database: Setting up database connection for Oracle backend.
Database service name (SID)? orcl.domain.com
Database hostname [localhost]? spacewalk-db.domain.com
Username? spacewalk
Password?
** Database: Testing database connection.
** Database: Populating database.
*** Progress: ############################################################
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? your.email@domain.com
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
* Enabling Monitoring.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]?
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring tomcat.
** /etc/sysconfig//tomcat6 has been backed up to tomcat6-swsave
** /etc/tomcat6//server.xml has been backed up to server.xml-swsave
** /etc/tomcat6//web.xml has been backed up to web.xml-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? Oracle Demo
Organization Unit [spacewalk.domain.com]?
Email Address [your.email@domain.com]?
City? Redwood Shores
State? CA
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
Processing /etc/cobbler/modules.conf
`/etc/cobbler/modules.conf' -> `/etc/cobbler/modules.conf-swsave'
Processing /etc/cobbler/settings
`/etc/cobbler/settings' -> `/etc/cobbler/settings-swsave'
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
cobblerd does not appear to be running/accessible
* Restarting services.
Installation complete.
Visit https://spacewalk.domain.com to create the Spacewalk administrator account.

Once your install is complete, visit https://spacewalk.domain.com to create the initial Spacewalk administrator account. Documentation on using Spacewalk can be found on the Spacewalk wiki

Oracle Linux YUM Repositories

The following channels on public-yum.oracle.com  contain errata information that can be ingested by Spacewalk: 

  • ol5_i386_latest
  • ol5_x86_64_latest
  • ol6_i386_latest
  • ol6_x86_64_latest

Each repository stores ALL packages released since the first Generally Available (GA) release of each version. This means the storage requirements for each of these repositories is between 20GB-30GB each. Care should be taken to ensure you have enough disk space to mirror each repository.

Adding the Oracle Linux 6 (x86_64) Latest channel

Goto Channels -> Manage Software Channels -> Manage Repositories. Click "create new repository" and provide the following configuration:

  • Repository Label: External yum repo - Oracle Linux 6 (x86_64)
  • Repository URL: http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/

Then click "create repository".

After creating the repository, you need to link it to one or more Software Channels. Goto: Channels -> Manage Software Channels. Click "create new channel" and provide the following configuration:

  • Channel Name: Oracle Linux 6 (x86_64)
  • Channel Label: oraclelinux6-x86_64
  • Architecture: x86_64
  • Yum Repository Checksum Type: sha256
  • Channel Summary: Oracle Linux 6 (x86_64)
Then click "create channel". Once the channel is created, click the "Repositories" tab that appears and select the "External yum repo - Oracle Linux 6 x86_64" repository and click "Update Repositories". Once you've enabled the repository, click the "Sync" tab and either click the "Sync Now" button to trigger an immediate sync, or schedule a sync. Note that the initial repository sync can take 2-3 days to complete for each repository.

Updates to errata on ULN and public-yum.oracle.com

The Unbreakable Linux Network (ULN) team have been hard at work updating the errata metadata that is delivered on ULN and public-yum.oracle.com. The changes provide more information about all errata, including security patches, bug fixes and feature enhancements. In addition, security fixes are listed by priority (important, moderate, low). This will allow Oracle Linux customers more flexibility when working with 3rd party Linux management tools like Spacewalk or SUSE Manager.

You can see some of the changes we've implemented using the yum-security plugin that's available as part of Oracle Linux:

 First, install the yum-security plugin: 

 # yum install yum-plugin-security

You can read all about the options available once you have the yum-security plugin installed by reading the man page:

# man yum-security 

Let's take it for a spin. First, let's list all the errata that are available for your system:

# yum updateinfo list
Loaded plugins: rhnplugin, security
ELBA-2012-1399 bug            device-mapper-libs-1.02.74-10.el6_3.2.x86_64
ELEA-2012-1574 enhancement    device-mapper-libs-1.02.74-10.el6_3.3.x86_64
ELSA-2012-1141 Moderate/Sec.  dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
ELSA-2013-0504 Low/Sec.       dhclient-12:4.1.1-34.P1.0.1.el6.x86_64
ELSA-2012-1141 Moderate/Sec.  dhcp-common-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
ELSA-2013-0504 Low/Sec.       dhcp-common-12:4.1.1-34.P1.0.1.el6.x86_64
...

This command lists all the errata that are available for your system by errata ID. It also specifies whether it's a security patch (Moderate/Sec.), bugfix (bug) or feature enhancement (enhancement).  

You could also narrow your search to just the CVEs, i.e. security patches:

# yum updateinfo list cves
CVE-2012-3954 Moderate/Sec.  dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
CVE-2012-3571 Moderate/Sec.  dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
CVE-2012-3955 Low/Sec.       dhclient-12:4.1.1-34.P1.0.1.el6.x86_64 

This provides the CVE ID instead of the errata ID so that you can correlate a published CVE with a particular errata:

# yum updateinfo list --cve CVE-2012-3954
Loaded plugins: rhnplugin, security
ELSA-2012-1141 Moderate/Sec. dhclient-12:4.1.1-31.P1.0.1.el6_3.1.x86_64
ELSA-2012-1141 Moderate/Sec. dhcp-common-12:4.1.1-31.P1.0.1.el6_3.1.x86_64

Or see additional information about that particular errata or CVE:

# yum updateinfo info --cve CVE-2012-3954
Loaded plugins: rhnplugin, security
===============================================================================
   dhcp security update
===============================================================================
  Update ID : ELSA-2012-1141
    Release : Oracle Linux 6
       Type : security
     Status : final
     Issued : 2012-08-02
       CVEs : CVE-2012-3954
	    : CVE-2012-3571
Description : [12:4.1.1-31.P1.0.1.el6_3.1]
            : - Added oracle-errwarn-message.patch
            :
            : [12:4.1.1-31.P1.1]
            : - An error in the handling of malformed client
            :   identifiers can cause a denial-of-service
            :   condition in affected servers. (CVE-2012-3571,
            :   #843120)
            : - Memory Leaks Found In ISC DHCP (CVE-2012-3954,
            :   #843120)
   Severity : Moderate
updateinfo info done

For more information on using the yum tool, see the Oracle Linux 6 Administration Guide

Updating Oracle Linux by Errata or CVE

The yum-security plugin also allows you to narrow the yum tool to only update security fixes. Instead of running a generic update command, you can leverage the additional errata metadata and tell yum to only apply security patches:

# yum --security update

Alternatively, you can target a specific errata or CVE:

# yum update --cve CVE-2012-3954 

Or

# yum update --advisory ELSA-2012-1141

3rd-Party Linux management tools

Oracle Enterprise Manager 12c Cloud Control has always been able to extract and display errata information for Oracle Linux.  

Now, tools like Red Hat Satellite, Spacewalk, Katello/Pulp and SUSE Manager are all able to ingest the errata information and provide that information via their UI tools. 

For example, here's a snippet from  Spacewalk showing the Oracle Linux 6 (i386) Latest channel from public-yum.oracle.com:

Spacewalk errata list

If you click on a particular advisory, you can see information for that advisory:

You can also see the packages affected by an advisory:

Stay tuned for a future blog post that goes through how to setup Spacewalk to mirror the public-yum.oracle.com  repositories. 

Tuesday Apr 23, 2013

Tap into the Latest Linux Innovations with Oracle Linux Training

Oracle Linux brings the latest Linux innovations to market, along with worldwide, enterprise-class, low-cost support. Optimized for enterprise workloads, Oracle Linux is the only operating system to offer zero-downtime updates.

With the Oracle Linux System Administration course, learn core linux system administration skills while getting experience of Oracle Linux features such as the unbreakable linux network (ULN), the unbreakable enterprise kernel (UEK), and Ksplice.

You can take this live-instructor led, 5-day class as a:

  • Live-Virtual Event: Take this class from your own desk - no travel required. Choose from a wide selection of events on the schedule to suit different timezones.
  • In-Class Event: Travel to an education center to take this course. Below are a sample of the in-class events already on the schedule.

 Location

 Date

 Delivery Language

 Vienna, Austria

 24 June 2013

 German

London, England 

 20 May 2013 

 English

 Hamburg, Germany

 13 May 2013

 German

 Munich, Germany

 14 June 2013

 German

Warsaw, Poland 

15 July 2013 

 Polish

Bucharest, Romania 

 27 May 2013

 Romanian

 Madrid, Spain

 6 May 2013

 Spanish

 Ankara, Turkey

 7 October 2013

 Turkish

 Istanbul, Turkey

 27 May 2013

 Turkish

Beirut. Lebanon 

13 May 2013 

 English

 Nairobi, Kenya

 17 June 2013

 English

 Mississauga, Canada

29 April 2013 

 English 

Ottawa, Canada 

 4 November 2013

 English

Belmont, CA, United States 

23 September 2013 

 English

Irvine, CA, United States 

18 November 2013 

 English

Sacramento, CA, United States 

19 August 2013 

 English

San Francisco, CA, United States 

15 July 2013 

 English

Denver, CO, United States 

19 August 2013 

 English

Chicago, IL, United States 

13 May 2013 

 English 

Schaumburg, IL, United States 

26 August 2013 

English 

Roseville, MN, United States 

17 June 2013 

English

Edison, NJ, United States 

28 October 2013 

English 

New York, NY, United States 

17 June 2013 

English

Beaverton, OR, United States 

12 August 2013

English

San Antonio, TX, United States 

15 July 2013

 English 

Reston, VA, United States 

12 August 2013

 English 

Rio de Janeiro, Brazil 

 6 May 2013

 Brazilian Portugese

 Sao Paolo, Brazil

10 June 2013

  Brazilian Portugese

Jakarta, Indonesia

17 June 2013

 English 

Petaling Jaya, Malaysia

 27 May 2013

 English

 Bangkok, Thailand 

 26 August 2013 

 English

 Makati City, Philippines

 13 May 2013

 English

  Canberra, Australia

20 May 2013

 English

 Sydney, Australia

 20 May 2013

 English

 Melbourne, Australia

  24 June 2013

 English

For register for this course or get more information on the Oracle Linux curriculum, go to http://oracle.com/education/linux.

Note, Coming Soon - the Oracle Linux Advanced System Administration course which will cover Linux Containers, Cgroups, Btrfs, DTrace and more!

For information on other Oracle University courses, see April 2013 Oracle University Round-Up: New Training and Certifications.

Tuesday Apr 09, 2013

Reasons You Should Consider Migrating From SUSE Linux (SLES) to Oracle Linux

Each day we receive inquiries from Oracle customers who are interested in migrating from SUSE Linux Enterprise Server (SLES) to Oracle Linux.  As a result, we hosted a webcast to provide additional information for customers who are considering migration and there are a few key points from the webcast I would like to share.

First, I believe all Oracle customers benefit from using Oracle Linux for their Oracle workloads.  Oracle Linux is the corporate Linux standard for all development groups at Oracle.  The Oracle products you use are developed on Oracle Linux.  This development standard creates a natural synergy between Oracle Linux and the Oracle application stack.  Oracle Linux receives over 128,000 hours of testing  from Oracle products, including extensive regression testing, while SLES receives only basic installation testing as an operating system. 

Oracle Linux subscriptions also offer tremendous value.  With Oracle Linux Basic and Premier Support subscriptions you receive 24x7 support, 365 days per year with unlimited incidents. Compared to SLES, Oracle Linux can significantly reduce your operating expenses which translates directly to your bottom line.   Let's take, as an example, a 4-socket system hosting several virtual machines with 24x7 support:

 Oracle Linux Basic Support Subscription
 SLES Priority , 4-socket, Virtual Subscription
 $1,199 annually (per server)
 $3,878 annually (per server)

As you can see in the table, the SLES Priority Subscription list price is $3,878 annually, per server.  For Oracle Linux, the equivalent Basic subscription would be $1,199, about 69% less.   If you had 100 servers in your data center, this would be an annual savings of $267,000!   In addition, the Oracle Linux Basic and Premier Subscriptions include solutions for high availability and system management, at no additional charge.  To receive these features with SLES, you must purchase additional extension subscriptions per server.  Using the previous example, for the SUSE Linux High Availability extension you will pay an additional $1,398 for each 4-socket server in the cluster, per year.  This now represents a 77% savings with Oracle Linux.  If you want to use their system management tools, there is a separately priced extension.  As you can see from the example, the SUSE extension-based pricing model quickly adds up.  With Oracle Linux, our pricing is straightforward and subscriptions include more features, providing greater value for you.

There are also features you will only find with Oracle Linux.  For example, what if I were to tell you Oracle Linux provides all bug and security errata on our public yum repositories and it is free, would you be interested?  With Oracle Linux, you receive:

  1. Free ISO downloads for each major and minor releases
  2. Free software channels for bug fixes and security errata
  3. All source code, including changelogs, for free.  No subscription required.
  4. The ability to freely redistribute without a requirement to modify copyrights, trademarks, or sign additional agreements
  5. Freedom from restrictive support term requirements to cover all systems with subscriptions.  Oracle Linux support is only required for systems that you intend to receive support services for.  Systems that are static, and don't need support (testing, development, etc.) do not have to be covered by a subscription.

With SLES, you can download the product under a 60-day evaluation, but after 60 days you'll need a subscription if you wish to receive any further updates to the software or to access the source for those updates.  You will not have access to the changelogs for the source and if you want to distribute you will need to remove all trademarks, trade dress and logos before doing so.  In addition, depending on your buying program, you may be required to cover every instance of SLES with a subscription, regardless of whether you require support for that system.

There are also unique features for Oracle applications which are offered only with Oracle Linux.  One example is Oracle Database Smart Flash Cache.  Introduced originally with Oracle 11g Release 2, Oracle Database Smart Flash Cache provides the ability to extend the database buffer cache without adding additional main memory by expanding to second level cache on flash memory.  This ability to leverage flash improves Online Transaction Processing (OLTP) environments by improving transaction throughput and application response times.  Oracle Linux is the only Linux distribution with support for this feature. 

Also, have you ever considered what the actual cost is for system downtime in your data center?  Every data center schedules maintenance for production environments and for every maintenance window needed, an administrator must coordinate with multiple groups to plan and schedule downtime.  When you consider large systems, like the Oracle database, the man-hours needed to coordinate, schedule and implement maintenance updates quickly add up.  What if I told you Oracle Linux Premier Support subscriptions include Ksplice, a service for installing kernel updates without requiring a system reboot.  Ksplice eliminates many of the common maintenance scenarios which result in a system restart, allowing administrators to keep up to date with the latest kernel errata, without bringing down the server.

Finally, let's end by talking about support.  As everyone knows, Linux is open source and when you choose to purchase subscriptions for Linux, you are buying access to a vendor's knowledge and expertise.  With Oracle Linux, customers have access to the best support professionals in the industry, who not only understand the operating system but they also understand the Oracle applications running on it.  You will spend less time being shuffled from vendor to vendor when you have a critical issue, producing quicker resolutions for your production systems.

I have highlighted several key reasons why you should consider a migration from SLES to Oracle Linux and I encourage you to  review the materials we have available on the Migration Made Easy web site, where you will find additional tips and guides to get you started.  If you have additional questions or you are ready to talk about your migration, please contact us for more information.


About

Get the latest updates on strategy, products, events, news, customers, partners and all things Oracle Linux! Connect with Oracle's Linux experts.

Stay Connected

Twitter


Facebook

Search

Archives
« April 2013 »
SunMonTueWedThuFriSat
 
3
4
6
7
8
11
12
13
14
15
16
17
18
19
20
21
22
24
25
26
27
28
30
    
       
Today