This article describes how administrators can use Spacewalk to manage the lifecycle of Oracle Linux systems. It explains core concepts and common best practices for a Spacewalk deployment. The article also highlights how Spacewalk can perform initial Oracle Linux provisioning with Kickstart and then automate subsequent software maintenance operations through system lifecycles such as Development, Test, Acceptance, and Production (DTAP).
IT administrators face a tough challenge in provisioning systems and keeping them up to date with the latest patchesandoperating system updates. If errata are deemed critical from a security perspective, it's especially urgent to conduct testing and apply patches to reduce the risk of systems compromise or data exposure. As data centers expand and administrators are tasked to manage greater numbers of physical servers and virtual machines, it's clear that automation is a necessity for efficient and cost-effective systems management. Spacewalk is open source software that helps to automate Linux systems management, allowing administrators to control the system software lifecycle—from initial Linux installation through maintenance, software configuration, and upgrades.
Thanks so much to everyone that stopped by our booth and went to our sessions at LinuxCon North America 2015! We had a great time and it was fantastic getting the opportunity to meet and speak with many of you in person.
Some of the things that are top of mind for Linux users are (obviously!) the cloud impact on data center design, container technologies, OpenStack, security, and so on. So I looked through our archive to find a webcast that I think does a great job outlining how Oracle Linux approaches these things. If you're looking for a brief overview this Friday afternoon, head on over to this webcast archive and have a watch:
With Oracle OpenWorld Latin America with several Oracle Linux and virtualization sessions and demos, and our booth at Red Hat Summit, it’s been a busy and fun week here at Oracle.
For today's spotlight, I’m going to reach back into the archives to highlight something that I think is particularly cool. You probably know about Spacewalk for managing your Linux deployments, and you also probably know about our Ksplice feature that allows for zero-downtime kernel updates. Taken together, these tools give you a streamlined way to keep your Oracle Linux systems up to date. And, in fact, this past winter we did a webcast on this exact subject, which is available as an archive. It would be nice background listening as you wrap-up your Friday afternoon:
- We had a great time at LISA14, with many of you getting to talk to our experts at the booth and attending Ken Crandall’s session on the modern, cloud-enabled data center. Here is a picture of a live Ksplice demo going on at the booth (yes, rebooting is obsolete!):
If you weren’t at the show and want to see Ken’s session (and I highly recommend it), you can catch a webcast version this coming Tuesday:
Building the Modern Cloud-Enabled Data Center with Oracle Linux 7
Come and hear Ken's insightful views on how Oracle can help you build a modern infrastructure.
- We were also at the Linux Foundation’s Korea Linux Forum. Another great opportunity to answer your questions about Oracle Linux, our Oracle staff at the show told me there was a great response at the booth and our speaking session on Btrfs.
- The Oracle Linux November newsletter is out! It’s a great way to catch up on everything that happened this year at Oracle OpenWorld 2014, read about product releases over the last 8 weeks or so, and much more. You can read it online here, or subscribe so it arrives automatically in your inbox.
Whew, it was a busy week! We hope you have a great weekend and we’ll see you next week with more.
The Oracle Linux team is pleased to announce the availability of the Spacewalk client for Oracle Linux 7. Customers who want to register Oracle Linux 7 servers with an existing Spacewalk server can install the client from the Oracle Public Yum repository. It can also be added to Spacewalk itself for local installation via Spacewalk.
To access the Spacewalk client repository for Oracle Linux 7, add the following stanza to public-yum-ol7.repo on the client server:
name=Spacewalk Client 2.2 for Oracle Linux 7 ($basearch)
To add the Spacewalk client for Oracle Linux 7 to an existing Spacewalk server install, create a new repository with the following URL:
With increasing budget constraints and resource limitations, it’s becoming more and more important to leverage technological advances to squeeze as much value as possible out of your data center deployments. Innovative tools such as Ksplice, DTrace, Linux Containers, Docker, Spacewalk, and more, can help you to deploy and manage your deployments quicker and easier, increasing overall ROI. Join this November webcast series to learn how these technologies with Oracle Linux can streamline deployment and management of your critical IT systems.
Building the Modern Cloud-Enabled Data Center with Oracle Linux 7 Date: Tuesday, November 18, 2014 Time: 9:00 am PST Register here
Spacewalk and Ksplice: Keep Oracle Linux Systems Up to Date and Secure Date: Tuesday, November 25, 2014 Time 3:00 pm PST Please note the 3:00 pm PST start time on this one to accommodate our friends in JAPAC. Replays will be available afterward if these dates and times are inconvenient for you. Register here
We've just updated the Oracle version of Spacewalk on http://public-yum.oracle.com to include a ULN plug-in for the spacewalk-repo-sync tool. The plug-in enables you to synchronize ULN content directly into Spacewalk channels without registering the Spacewalk server with ULN, but an active ULN account is still required. This allows you to register your Spacewalk server to Spacewalk itself while still receiving updates from ULN.
The ULN plug-in was not included with the initial release of Spacewalk from Oracle. Depending on the configuration of your Spacewalk server, you might need to update the Spacewalk packages, specifically the spacewalk-config and spacewalk-backend-* packages.
To configure the ULN plug-in, edit the /etc/rhn/spacewalk-repo-sync/uln.conf file and add login credentials for ULN. By default, this file is read-only by root.
After you edit the configuration file, change the file permissions on the file to make it read-only (0400) by root or the user that will run the spacewalk-repo-sync tool. This is an important security step to protect the ULN credentials. By default, this script is run as the root user by the Spacewalk scheduling engine, but if you chose to run the script interactively via the command-line, you will need to ensure at least read-access to this file.
Once the ULN plug-in is configured, you create the Spacewalk software channels and repositories in the normal way using the Spacewalk web interface. When you specify the URL for a ULN repository, use a URL in the following format:
uln:///<ULN channel label>
You can get a list of available ULN channel labels by logging in to ULN (https://linux.oracle.com) and selecting the Channels tab.
We've also updated Spacewalk to allow installation with the latest version of the Oracle 11gR2 Instant Client (184.108.40.206) available on ULN and OTN.
Over the years, customers migrating to Oracle Linux have asked for options to provide a transitional solution for their existing system management tools (such as Red Hat Satellite Server) while evaluating and planning migrations to Oracle's Enterprise Manager, which is offered at no additional charge with Oracle Linux Support Subscriptions. Based on this request, we are pleased to announce support for the open-source community project, Spacewalk, which is the basis for both Red Hat Satellite Server and SUSE Manager. Effective today, customers with Oracle Linux Basic and Premier Support subscriptions have access to a fully supported Spacewalk build which can be setup to easily manage Oracle Linux systems.
Spacewalk support for Oracle Linux requires Oracle Linux 6, x86_64 for the server and provides support for Oracle Linux 5 and Oracle Linux 6 (x86, x86_64) clients. This solution requires Oracle Database 11g Release 2 as the supported database repository for Spacewalk with Oracle Linux. Customers may use an existing Oracle database license or they may begin by downloading a 30-day trial license from eDelivery. Customers with Oracle Linux Basic and Premier subscriptions will automatically have access to the channel hosting the supported build. Please review the release notes for further instructions.
Oracle Enterprise Manager is still the recommended enterprise solution for managing Oracle Linux systems and we want to provide the easiest transition path for our customers. We are excited to offer this solution to our Oracle Linux customers while they plan and implement their migration to Oracle Enterprise Manager.
Spacewalk is a popular Linux management tool that can be used to manage several operating systems, including the Red Hat Enterprise Linux derivatives like CentOS and Scientific Linux, Debian and even Solaris.
While the Spacewalk installation instructions are very thorough, here is a brief guide to installing Spacewalk on Oracle Linux 6. It is possible to install on Oracle Linux 5, but it requires a lot more manual intervention as the Unbreakable Linux Network packages installed on Oracle Linux 5 conflict with some Spacewalk packages. You should use both the Spacewalk installation instructions in combination with this guide to install Spacewalk.
This guide uses Oracle Linux 6.4 (x86_64). Download Oracle Linux 6.4 from the Oracle Software Delivery Cloud or one of the mirrors. You can choose either to do a "Basic Server" install, or a "Minimal" install. I recommend performing a "Basic Server" install as this provides basic system administration tools. If you are using a previous version of Oracle Linux 6, please ensure it is either registered with the Unbreakable Linux Network or is configured to use public-yum.oracle.com for updates.
You should assign both a fixed hostname as well as a fixed IP address for your Spacewalk server. The hostname should be resolvable via DNS on your network.
Binary packages of Spacewalk are available through YUM repositories at http://yum.spacewalkproject.org/. To use this repository, install the spacewalk-repo package with commands below:
Spacewalk supports either Oracle Database 10g or higher or PostgreSQL 8.4 or higher to store its primary data. While Oracle Database XE is supported by Spacewalk, it is not supported by Oracle. Therefore, we recommend either using an existing Oracle Database Standard or Enterprise Edition server or using PostgreSQL.
Oracle Database Setup
Installation of an Oracle Database server is outside the scope of this walk-through. We assume you have an existing Oracle Database server installed and available. The spacewalk user needs to have the CONNECT and RESOURCE roles as well as the ALTER SESSION, CREATE SYNONYM,CREATE TABLE and CREATE VIEW system privileges.
You will also need to make the following code change on your Spacewalk server, after you have installed the Spacewalk software:
# diff -u /etc/sysconfig/rhn/oracle/main.sql-20110504 /etc/sysconfig/rhn/oracle/main.sql
--- main.sql-20110504 2011-04-08 21:40:53.000000000 +0200+++ main.sql 2011-05-04 14:20:24.000000000 +0200@@ -38940,6 +38940,12 @@
-- Source: data/common/rhnPackageSyncBlacklist.sql
++select lookup_package_name('gpg-pubkey') from dual;++select lookup_package_name('rhns-ca-cert') from dual;++select lookup_package_name('rhn-org-trusted-ssl-cert') from dual;
insert into rhnPackageSyncBlacklist (package_name_id)
Without this change, the Spacewalk installation fails with the following error in /var/log/rhn/populate_db.log:
ORA-02291: integrity constraint (SPACEWALK.RHN_PACKAGESYNCBL_PNID_FK) violated - parent key not found
The Oracle Instant Client packages can be installed from ULN by subscribing to the Oracle Software channel and running the following command:
The rest of this guide uses an Oracle Database backend. Don't forget to make the code change listed under Oracle Database Setup before continuing!
The Spacewalk binary packages are missing a dependency on the geronimo-jta-1.1-api RPM, so install it manually:
# yum install geronimo-jta-1.1-api
Your Spacewalk server should have a resolvable FQDN such as 'hostname.domain.com'. If the installer complains that the hostname is not the FQDN, do not use the --skip-fqdn-test flag to skip.
If you installed spacewalk-setup-embedded-postgresql above, run
# spacewalk-setup --disconnected
If you set up the database server manually (either on the same or on a different machine), run
# spacewalk-setup --disconnected --external-db
A sample interactive install:
# spacewalk-setup --disconnected --external-db
* Setting up Oracle environment.
* Setting up database.
** Database: Setting up database connection for Oracle backend.
Database service name (SID)? orcl.domain.com
Database hostname [localhost]? spacewalk-db.domain.com
** Database: Testing database connection.
** Database: Populating database.
*** Progress: ############################################################
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
** GPG: Creating /root/.gnupg directory
You must enter an email address.
Admin Email Address? firstname.lastname@example.org
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
* Enabling Monitoring.
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]?
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring tomcat.
** /etc/sysconfig//tomcat6 has been backed up to tomcat6-swsave
** /etc/tomcat6//server.xml has been backed up to server.xml-swsave
** /etc/tomcat6//web.xml has been backed up to web.xml-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password?
Re-enter CA certificate password?
Organization? Oracle Demo
Organization Unit [spacewalk.domain.com]?
Email Address [email@example.com]?
City? Redwood Shores
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
* Setting up Cobbler..
`/etc/cobbler/modules.conf' -> `/etc/cobbler/modules.conf-swsave'
`/etc/cobbler/settings' -> `/etc/cobbler/settings-swsave'
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
cobblerd does not appear to be running/accessible
* Restarting services.
Visit https://spacewalk.domain.com to create the Spacewalk administrator account.
The following channels on public-yum.oracle.com contain errata information that can be ingested by Spacewalk:
Each repository stores ALL packages released since the first Generally Available (GA) release of each version. This means the storage requirements for each of these repositories is between 20GB-30GB each. Care should be taken to ensure you have enough disk space to mirror each repository.
Adding the Oracle Linux 6 (x86_64) Latest channel
Goto Channels -> Manage Software Channels -> Manage Repositories. Click "create new repository" and provide the following configuration:
Repository Label: External yum repo - Oracle Linux 6 (x86_64)
After creating the repository, you need to link it to one or more Software Channels. Goto: Channels -> Manage Software Channels. Click "create new channel" and provide the following configuration:
Channel Name: Oracle Linux 6 (x86_64)
Channel Label: oraclelinux6-x86_64
Yum Repository Checksum Type: sha256
Channel Summary: Oracle Linux 6 (x86_64)
Then click "create channel". Once the channel is created, click the "Repositories" tab that appears and select the "External yum repo - Oracle Linux 6 x86_64" repository and click "Update Repositories". Once you've enabled the repository, click the "Sync" tab and either click the "Sync Now" button to trigger an immediate sync, or schedule a sync. Note that the initial repository sync can take 2-3 days to complete for each repository.