This article describes how administrators can use Spacewalk to manage the lifecycle of Oracle Linux systems. It explains core concepts and common best practices for a Spacewalk deployment. The article also highlights how Spacewalk can perform initial Oracle Linux provisioning with Kickstart and then automate subsequent software maintenance operations through system lifecycles such as Development, Test, Acceptance, and Production (DTAP).
IT administrators face a tough challenge in provisioning systems and keeping them up to date with the latest patchesandoperating system updates. If errata are deemed critical from a security perspective, it's especially urgent to conduct testing and apply patches to reduce the risk of systems compromise or data exposure. As data centers expand and administrators are tasked to manage greater numbers of physical servers and virtual machines, it's clear that automation is a necessity for efficient and cost-effective systems management. Spacewalk is open source software that helps to automate Linux systems management, allowing administrators to control the system software lifecycle—from initial Linux installation through maintenance, software configuration, and upgrades.
I'm really excited to share this week's Friday Spotlight with you. Oracle Senior Vice President of Linux and Virtualization Wim Coekaerts sat down with Director of Product Management Michele Casey and Senior Development Manager Jamie Iles to talk about Ksplice.
In the video, they go into a lot of detail about why Ksplice is a production-ready tool for keeping systems up to date. A highlight for me is the discussion featuring a real world example of an Oracle Linux 6.2 system from 2011, and how a system like that can be patched over time with all the important CVEs and security updates without a single reboot -- no rebooting literally for years. For production systems, you can just keep the system up and running, and still be up to date. Click this screenshot to head on over to Oracle Media Network to watch the video:
Oracle Linux images are now available on the Docker Hub Registry, a repository for Docker-based components, including applications and operating systems (OSs). Oracle Linux joins MySQL, which is already extremely popular on Docker Hub and has been downloaded millions of times.
This is exciting news for Oracle Linux and for the Docker community. Please read the press release to get all the details.
Our spotlight this week is on a fantastic screencast video by Oracle's Greg Marsden. In the video, Greg covers a number of specific tips to help maximize performance of your Oracle Linux deployment. Give it a watch by clicking below:
Happy Friday and happy new year! Our spotlight this week is on an excellent webcast from our archives titled "Oracle Linux Management Demystified." It describes the integration between Oracle Linux and Oracle Enterprise Manager 12c, allowing you to do provisioning, patching, monitoring, and administration all from a unified console. This is an on-demand webcast, so it will play as soon as you enter your details. Enjoy and we'll see you next week!
The Oracle Enterprise Manager Agent Preinstall RPM installs the required
software packages and prepares the operating system for Oracle
Enterprise Manager Agent deployment. It has recently been made available for both x86_64 and i386 platforms from the ol6_addons repository on the public-yum server and the Unbreakable Linux Network.
The Oracle Management Agent (Management Agent) is one of the core components of Enterprise Manager Cloud Control that is deployed on each monitored host. It is responsible for managing and maintaining the hosts and its targets and communicating that information to the middle-tier Oracle Management Service. The Management Agent also allows you to monitor non-Oracle components (such as third-party databases) through management plug-ins and connectors.
Once the Oracle Enterprise Manager agent is deployed on an operating system, the operating system and applications running on that host can be monitored and manged using the Oracle Enterprise Manager 12c console.
The Oracle Enterprise Manager Agent Preinstall package installs the required software packages and sets system parameters necessary to deploy and run the Oracle Enterprise Manager Agent on Oracle Linux 6. In particular, it performs the following tasks to enable the agent deployment:
Installs the required packages like sudo or openssh (via RPM package dependencies which will be resolved by the yum package manager)
Creates and configures the oracle user and group accounts
Modifies the user hard and soft file limits set in /etc/security/limits.d/
Installs sudo configuration templates
This RPM may be installed on an existing physical or virtual Oracle Linux 6 system, or may be included in an Oracle VM Template or Oracle Virtual Assembly. Note that the actual agent installation requires 2 GB of free space and 512 MB swap space, and therefore the system image should be configured to meet these requirements.
A. Installing on physical or virtual Linux machine
Subscribe the system to the Oracle Linux 6 Addons channel in ULN (ol6_addons on public-yum).
Install the RPM via yum: # yum install oracle-em-agent-12cR1-preinstall
Check that there is at least 2 GB free disk space in the agent install location (e.g. by using "df -h") and at least 512 MB of swap space (e.g. by running "swapon -s")
B. Including the RPM in the system.img disk image inside of an Oracle Virtual Assembly
Place System.img and vm.cfg in the same folder
As the root user, run the following command: # modifyjeos -f System.img -a <addrpm.lst> -m <rpm_directory_for_the_os> (where addrpm.lst contains the list of additional RPMs to install)
Check if the root partition has a minimum of 2 GB of free disk space. If not, use the following command to increase the free space: # modifyjeos -f System.img -T <total new amount of disk space in MB>
Check if there is a minimum of 512 MB of swap space. If not, use the following command to increase the swap space; # modifyjeos -f System.img -S <total new amount of swap space in MB>
An Oracle Enterprise Manager installation can be configured such that the Enterprise Manager agent is pushed on the Guest VMs automatically when the Oracle Virtual Assembly is deployed.
To configure the Oracle Management Server (OMS) for automatic agent push, update the following properties in the
Spacewalk is a popular Linux management tool that can be used to manage several operating systems, including the Red Hat Enterprise Linux derivatives like CentOS and Scientific Linux, Debian and even Solaris.
While the Spacewalk installation instructions are very thorough, here is a brief guide to installing Spacewalk on Oracle Linux 6. It is possible to install on Oracle Linux 5, but it requires a lot more manual intervention as the Unbreakable Linux Network packages installed on Oracle Linux 5 conflict with some Spacewalk packages. You should use both the Spacewalk installation instructions in combination with this guide to install Spacewalk.
This guide uses Oracle Linux 6.4 (x86_64). Download Oracle Linux 6.4 from the Oracle Software Delivery Cloud or one of the mirrors. You can choose either to do a "Basic Server" install, or a "Minimal" install. I recommend performing a "Basic Server" install as this provides basic system administration tools. If you are using a previous version of Oracle Linux 6, please ensure it is either registered with the Unbreakable Linux Network or is configured to use public-yum.oracle.com for updates.
You should assign both a fixed hostname as well as a fixed IP address for your Spacewalk server. The hostname should be resolvable via DNS on your network.
Binary packages of Spacewalk are available through YUM repositories at http://yum.spacewalkproject.org/. To use this repository, install the spacewalk-repo package with commands below:
Spacewalk supports either Oracle Database 10g or higher or PostgreSQL 8.4 or higher to store its primary data. While Oracle Database XE is supported by Spacewalk, it is not supported by Oracle. Therefore, we recommend either using an existing Oracle Database Standard or Enterprise Edition server or using PostgreSQL.
Oracle Database Setup
Installation of an Oracle Database server is outside the scope of this walk-through. We assume you have an existing Oracle Database server installed and available. The spacewalk user needs to have the CONNECT and RESOURCE roles as well as the ALTER SESSION, CREATE SYNONYM,CREATE TABLE and CREATE VIEW system privileges.
You will also need to make the following code change on your Spacewalk server, after you have installed the Spacewalk software:
# diff -u /etc/sysconfig/rhn/oracle/main.sql-20110504 /etc/sysconfig/rhn/oracle/main.sql
--- main.sql-20110504 2011-04-08 21:40:53.000000000 +0200+++ main.sql 2011-05-04 14:20:24.000000000 +0200@@ -38940,6 +38940,12 @@
-- Source: data/common/rhnPackageSyncBlacklist.sql
++select lookup_package_name('gpg-pubkey') from dual;++select lookup_package_name('rhns-ca-cert') from dual;++select lookup_package_name('rhn-org-trusted-ssl-cert') from dual;
insert into rhnPackageSyncBlacklist (package_name_id)
Without this change, the Spacewalk installation fails with the following error in /var/log/rhn/populate_db.log:
ORA-02291: integrity constraint (SPACEWALK.RHN_PACKAGESYNCBL_PNID_FK) violated - parent key not found
The Oracle Instant Client packages can be installed from ULN by subscribing to the Oracle Software channel and running the following command:
The rest of this guide uses an Oracle Database backend. Don't forget to make the code change listed under Oracle Database Setup before continuing!
The Spacewalk binary packages are missing a dependency on the geronimo-jta-1.1-api RPM, so install it manually:
# yum install geronimo-jta-1.1-api
Your Spacewalk server should have a resolvable FQDN such as 'hostname.domain.com'. If the installer complains that the hostname is not the FQDN, do not use the --skip-fqdn-test flag to skip.
If you installed spacewalk-setup-embedded-postgresql above, run
# spacewalk-setup --disconnected
If you set up the database server manually (either on the same or on a different machine), run
# spacewalk-setup --disconnected --external-db
A sample interactive install:
# spacewalk-setup --disconnected --external-db
* Setting up Oracle environment.
* Setting up database.
** Database: Setting up database connection for Oracle backend.
Database service name (SID)? orcl.domain.com
Database hostname [localhost]? spacewalk-db.domain.com
** Database: Testing database connection.
** Database: Populating database.
*** Progress: ############################################################
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? firstname.lastname@example.org
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
* Enabling Monitoring.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]?
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring tomcat.
** /etc/sysconfig//tomcat6 has been backed up to tomcat6-swsave
** /etc/tomcat6//server.xml has been backed up to server.xml-swsave
** /etc/tomcat6//web.xml has been backed up to web.xml-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? Oracle Demo
Organization Unit [spacewalk.domain.com]?
Email Address [email@example.com]?
City? Redwood Shores
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
`/etc/cobbler/modules.conf' -> `/etc/cobbler/modules.conf-swsave'
`/etc/cobbler/settings' -> `/etc/cobbler/settings-swsave'
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
cobblerd does not appear to be running/accessible
* Restarting services.
Visit https://spacewalk.domain.com to create the Spacewalk administrator account.
The following channels on public-yum.oracle.com contain errata information that can be ingested by Spacewalk:
Each repository stores ALL packages released since the first Generally Available (GA) release of each version. This means the storage requirements for each of these repositories is between 20GB-30GB each. Care should be taken to ensure you have enough disk space to mirror each repository.
Adding the Oracle Linux 6 (x86_64) Latest channel
Goto Channels -> Manage Software Channels -> Manage Repositories. Click "create new repository" and provide the following configuration:
Repository Label: External yum repo - Oracle Linux 6 (x86_64)
After creating the repository, you need to link it to one or more Software Channels. Goto: Channels -> Manage Software Channels. Click "create new channel" and provide the following configuration:
Channel Name: Oracle Linux 6 (x86_64)
Channel Label: oraclelinux6-x86_64
Yum Repository Checksum Type: sha256
Channel Summary: Oracle Linux 6 (x86_64)
Then click "create channel". Once the channel is created, click the "Repositories" tab that appears and select the "External yum repo - Oracle Linux 6 x86_64" repository and click "Update Repositories". Once you've enabled the repository, click the "Sync" tab and either click the "Sync Now" button to trigger an immediate sync, or schedule a sync. Note that the initial repository sync can take 2-3 days to complete for each repository.
In this article, Ginny explains how to use the Linux kernel's built-in resource control mechanisms (called "Cgroups") to manage the allocation of CPUs and memory to processes and how to configure disk I/O throttling for certain groups of processes. Cgroups is a very powerful and flexible feature of the Linux kernel. We hope you will find this article useful!