X

Insights, news and announcements for Oracle Systems products

Managing the Oracle Linux life cycle within an Oracle Private Cloud Appliance

Jeff Savit, and Stephen Dennis

This blog article is posted for guest author Stephen Dennis.

The Oracle Private Cloud Appliance is an integrated, “wire once” software-defined infrastructure system that simplifies the way customers install, deploy, and manage virtual environments for any Linux, Oracle Solaris, or Microsoft Windows application. Oracle Private Cloud Appliance supports a large range of OS versions hosted in a converged server, network, and storage environment to enable general purpose, business- and mission-critical application deployments in medium to large data centers.

Within the PCA, a key IT administration task is to provide a means by which any Oracle Linux virtual machines can be provisioned and kept up to date with the latest security, kernel and operating system updates. For some customers, with existing Oracle Linux deployments, there may already be a mechanism in place within their data centre environment to provide such services. For other customers, perhaps new to Oracle Linux, no such data centre service may be available.

Oracle Linux Manager provides an effective set of tools for managing the Oracle Linux software life cycle. Oracle Linux Manager also helps automate kickstart installations, system configuration maintenance tasks, and run automatic OpenSCAP audits against industry-standard security checklists and evaluation profiles. This enables an IT systems administrator with the tools to rapidly deploy proven and consistent software configurations for Oracle Linux systems.

This article covers the how the use of Oracle Linux Manager can provide such services within an Oracle Private Cloud Appliance, from a single set of utility virtual machines (VM's).

More about Oracle Linux Manager

A central task for IT administrators is to provision systems and keep them up to date with the latest patches and operating system updates. If the security policy at your site regards operating system errata as critical, it is crucially important to conduct regular testing and apply patches to reduce the risk of systems vulnerabilities or data breaches. As data centers expand, administrators are required to manage even greater numbers of physical servers and virtual machines. As a result, automation becomes a necessity for efficient and cost-effective systems management. Oracle Linux Manager 2.10, based on the Spacewalk open source software, helps automate Oracle Linux systems management, thereby enabling you to control the system software life cycle, from initial installation, through maintenance, software configuration, upgrades, and eventual decommissioning.

Oracle Linux Manager administrators retain complete control over the frequency with which updates are acquired from the public Oracle Linux repositories AND the frequency with which any updates are "pushed", or "pulled" from the Oracle Linux Manager server to Oracle Linux clients. 

As illustrated in the following figure, during the typical life cycle of a system, you can use Oracle Linux Manager to simplify several system management tasks, such as installing bare metal systems and virtual guests, applying patches and software updates, configuring software, and auditing system security.

The figure depicts a typical life cycle of a system, from initial provisioning, through repeated cycles of patching, configuration, and auditing, before eventual decommissioning.

Oracle Linux Manager consists of a typical three-tier application architecture all contained within the Oracle Linux Manager server.

The figure provides an overview of a three-tiered Oracle Linux Manager server architecture.

Each tier consists of the following components:

  • Data Tier: Contains the database* and Taskomatic. Oracle Linux Manager uses the Taskomatic daemon to perform asynchronous scheduled tasks, such as resynchronizing software channels, applying software and configuration updates to clients, and notifying you when new errata become available.
  • Logic Tier: Contains the Apache and Tomcat web servers, which process data for use by the presentation tier.
  • Presentation Tier: Contains the back-end and front-end XML/RPC APIs, which provide programming interfaces for the command-line client utilities and other XML/RPC clients, and the web interface, which can be accessed by using a web browser.

* NOTE: For larger deployments the database service can be located on its own independent system.

A number of architectural deployment patterns can be used:

  • Simple deployment with a single Oracle Linux Manager server that has several clients.

  • More complex deployment with one Oracle Linux Manager server and multiple Oracle Linux Manager proxies, where each proxy has several clients.

  • Deployment with two Oracle Linux Manager servers, each at different sites, where the server at one site acts as the primary server, while the server at the other site acts as a secondary or worker server. Inter-server synchronisation (ISS) is used to manage channel content, channel permissions, and organisational trust settings between the two servers.

Please read the Oracle Linux Manager documentation from the Oracle Documentation Library for further information. Specifically, the Oracle Linux Manager resources below are recommended:

Using Oracle Linux Manager within an Oracle Private Cloud Appliance system

Oracle Linux Premier Support is included with a support subscription for each Oracle Private Cloud Appliance. This covers the unlimited use of Oracle Linux within the Oracle PCA itself and restricted use of the following: -

  • Oracle Ksplice and use it to update both Oracle Linux and Red Hat Enterprise Linux
  • Oracle Clusterware in support of Oracle Linux
  • Oracle Database in support of Oracle Linux Manager / Spacewalk
  • Oracle Enterprise Manager in support of both the Oracle Private Cloud Appliance and Oracle Linux

The Oracle PCA Licensing Information User Manual provides further details.

A local Oracle Linux Manager system within an Oracle PCA would be able to provide the full life cycle management services for any Oracle Linux VMs within the Oracle PCA. Only the Oracle Linux Manager server will need access to the public facing Oracle Linux repositories.

Each Oracle Linux VM client within the Oracle PCA would only have to reference the PCA Oracle Linux Manager server VM to gain access to the latest software and errata updates as published by Oracle, and downloaded by the Oracle Linux Manager service.

To provide an appropriate Oracle Linux client life cycle management service, an Oracle Linux Manager server can be installed and configured on a utility VM, or VMs, within the Oracle PCA.

Oracle Linux Manager Server Build and Configuration

To provide an Oracle Linux Manager environment within the PCA requires the following: -

  • VM(s)
    • One Oracle Linux 7 virtual machine to provide the platform for the Oracle Linux Manager server
      • The VM will need to be appropriately sized to accommodate both the local repository cache and have sufficient CPU and memory to cope with the planned workloads
    • One Oracle Linux 7 virtual machine to provide the platform for the Oracle Linux Manager Database - this can be co-located with the Oracle Linux Manager server for limited implementations
      • The VMs will need to be appropriately sized to accommodate the Oracle Linux Manager Database instance and have sufficient CPU and memory to cope with the planned workloads
  • Networking
    • Public facing vNIC and externally presented IP address per VM
    • [Optionally] Private vNIC and internally presented IP addresses per VM  to provide an Oracle PCA internal Linux update network
    • Fully Qualified Domain Name (FQDN) entries in the data centre DNS services for the Oracle Linux Manager utility VM(s) public IP address(es)
    • Access from the Oracle Linux Manager server to either ULN or yum.oracle.com services for Linux Channel synchronisation

Follow the steps below to create the base Oracle Linux Manager services (package updates only): -

  • Build the Oracle Linux Manager utility VM(s)
  • Correctly configure the Oracle Linux Manager server VM to be able to access the Oracle Linux repository sites (ULN or public YUM)
  • Run a 'yum update' on the Oracle Linux Manager server to bring its operating system image up to the latest software releases
  • Download the Oracle Linux Manager server software to the Oracle Linux Manager server VM
  • Install and configure the Oracle Linux Manager Oracle Database on the Oracle Linux Manager database VM (or within the Oracle Linux Manager server if a single VM is being used)
  • Add Oracle VM Server guest additions to the VM(s) for improved management by the Oracle PCA's Oracle VM Manager
  • Configure the Oracle Linux Manager server
    • Run the command 'spacewalk-setup --external-oracle' for systems with an external database instance
    • This will also configure the primary Oracle Linux Manager service administrator and provide the URL link for continued access to the Oracle Linux Manager server services
  • Subscribe to the required Oracle Linux Manager Channels
    • Use the 'spacewalk-common-channels' command to find the available Oracle Linux channels, e.g: -
      • spacewalk-common-channels --list | grep "oracle"

    • Then use the 'spacewalk-common-channels' command to create both the Linux Channels and the associated Repositories, e.g: -

      • spacewalk-common-channels -v -u <olm_admin_user> -p <olm_admin_user_password> -a x86_64 -k unlimited 'oraclelinux6*'

      • spacewalk-common-channels -v -u <olm_admin_user> -p <olm_admin_user_password> -a x86_64 -k unlimited 'oraclelinux7*'

      • spacewalk-common-channels -v -u <olm_admin_user> -p <olm_admin_user_password> -a x86_64 -k unlimited 'oraclelinux8*'

  • Please refer to the Oracle Linux Manager Documentation Library for details on how to create 'custom channels', such as those required For Oracle Linux release 5.
  • Synchronise the required Oracle Linux Manager Channels with the public Oracle Linux repositories
    • Please note: This initial synchronisation will take a significant period of time - possibly days - depending on the number of Oracle Linux channels being subscribed to by the Oracle Linux Manager server

The final step is now to configure the Oracle Linux VM clients to use the local Oracle Linux Manager service.

Oracle Linux Manager Client Configuration

Configuring Oracle Linux Manager clients

The Oracle Linux Manager server will be a client of itself, rather than registered with ULN or configured to use yum.oracle.com. The same approach is used for the Oracle Linux Manager server, its database VM and the Oracle Linux client VMs.

Client Registration

Beginning from Oracle Linux 7 Update 1, and on Oracle Linux 8 Update 2 updated with the latest packages from either ULN or yum.oracle.com, you can register a client prior to installing the client software. Previously, client software installation was a prerequisite to registration.

Two simple commands are required: -

  • wget -q -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT http://<FQDN of OLM Server>/pub/RHN-ORG_TRUSTED-SSL-CERT
  • rhnreg_ks --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --serverUrl=https://<FQDN of OLM Server>/XMLRPC --activationkey=1-oraclelinux7-x86_64

NOTE: The activation key (--activationkey=1-oraclelinux7-x86_64) will change depending on whether the new Oracle Linux client system is Oracle Linux 7 or Oracle Linux 8 based.

Once registered, the following yum updates need to be run:

For Oracle Linux 7 based systems, use:

  • yum install oracle-linux-manager-client-release-el7
  • yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin

For Oracle Linux 8 based systems, use:

  • dnf install oracle-linux-manager-client-release-el8
  • dnf -y module disable rhn-tools satellite-5-client
  • dnf -y --allowerasing install python3-rhnlib python3-spacewalk-usix rhn-client-tools rhn-check rhn-setup rhnsd dnf-plugin-spacewalk
  • dnf -y remove rhnlib

Install & register

If the Oracle Linux instance is outside of the above criteria, then the process is reversed; Install the rpm packages, using the normal yum install process, then the register with the Oracle Linux Manager server - the same commands are used - but with a Channel specific activation key.

Oracle Linux Manager daemon

The final step in this journey is to install and enable the Oracle Linux Manager daemon, which allows the Oracle Linux Manager server to schedule and "push" updates to any given managed client host.

This is NOT a mandatory step. Manual administration of each Linux operating system instance is possible using a 'yum update", or "yum install" as and when required by the system administrator.

However, enabling the Oracle Linux Manager daemon will permit remote patch management on a scheduled, and controlled, basis to occur on multiple systems literately at the click of a button.

To install the Oracle Linux Manager daemon, use the following commands:

For Oracle Linux 5, 6 or 7 systems: -

  • yum install osad
  • chkconfig osad on
  • service osad start

For Oracle Linux 7 or 8 systems: -

  • yum install osad
  • systemctl enable osad
  • systemctl start osad

Now enjoy the new Oracle Linux Manager services !!

A Technical Brief providing more detailed instructions on the installation and configuration of this service is forthcoming. Please watch this blog for updates.

Further Resources

The following resource links provide additional information: -

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.