This blog article is posted for guest author Stephen Dennis.
The Oracle Private Cloud Appliance is an integrated, “wire once” software-defined infrastructure system that simplifies the way customers install, deploy, and manage virtual environments for any Linux, Oracle Solaris, or Microsoft Windows application. Oracle Private Cloud Appliance supports a large range of OS versions hosted in a converged server, network, and storage environment to enable general purpose, business- and mission-critical application deployments in medium to large data centers.
Within the PCA, a key IT administration task is to provide a means by which any Oracle Linux virtual machines can be provisioned and kept up to date with the latest security, kernel and operating system updates. For some customers, with existing Oracle Linux deployments, there may already be a mechanism in place within their data centre environment to provide such services. For other customers, perhaps new to Oracle Linux, no such data centre service may be available.
Oracle Linux Manager provides an effective set of tools for managing the Oracle Linux software life cycle. Oracle Linux Manager also helps automate kickstart installations and system configuration maintenance tasks, and can run automatic OpenSCAP audits against industry-standard security checklists and evaluation profiles. This gives an IT systems administrator the tools to rapidly deploy proven and consistent software configurations for Oracle Linux systems.
This article covers how Oracle Linux Manager can provide such services within an Oracle Private Cloud Appliance, from a single set of utility virtual machines (VMs).
A central task for IT administrators is to provision systems and keep them up to date with the latest patches and operating system updates. If the security policy at your site regards operating system errata as critical, it is crucially important to conduct regular testing and apply patches to reduce the risk of system vulnerabilities or data breaches. As data centers expand, administrators are required to manage even greater numbers of physical servers and virtual machines. As a result, automation becomes a necessity for efficient and cost-effective systems management. Oracle Linux Manager 2.10, based on the Spacewalk open source software, helps automate Oracle Linux systems management, thereby enabling you to control the system software life cycle, from initial installation, through maintenance, software configuration, upgrades, and eventual decommissioning.
Oracle Linux Manager administrators retain complete control over the frequency with which updates are acquired from the public Oracle Linux repositories and the frequency with which any updates are "pushed" or "pulled" from the Oracle Linux Manager server to Oracle Linux clients.
As illustrated in the following figure, during the typical life cycle of a system, you can use Oracle Linux Manager to simplify several system management tasks, such as installing bare metal systems and virtual guests, applying patches and software updates, configuring software, and auditing system security.
Oracle Linux Manager consists of a typical three-tier application architecture all contained within the Oracle Linux Manager server.
Each tier consists of the following components:
* NOTE: For larger deployments the database service can be located on its own independent system.
A number of architectural deployment patterns can be used:
Simple deployment with a single Oracle Linux Manager server that has several clients.
More complex deployment with one Oracle Linux Manager server and multiple Oracle Linux Manager proxies, where each proxy has several clients.
Deployment with two Oracle Linux Manager servers, each at different sites, where the server at one site acts as the primary server, while the server at the other site acts as a secondary or worker server. Inter-server synchronisation (ISS) is used to manage channel content, channel permissions, and organisational trust settings between the two servers.
Please read the Oracle Linux Manager documentation from the Oracle Documentation Library for further information. Specifically, the Oracle Linux Manager resources below are recommended:
Oracle Linux Premier Support is included with a support subscription for each Oracle Private Cloud Appliance. This covers the unlimited use of Oracle Linux within the Oracle PCA itself and restricted use of the following: -
The Oracle PCA Licensing Information User Manual provides further details.
A local Oracle Linux Manager system within an Oracle PCA would be able to provide the full life cycle management services for any Oracle Linux VMs within the Oracle PCA. Only the Oracle Linux Manager server will need access to the public facing Oracle Linux repositories.
Each Oracle Linux VM client within the Oracle PCA would only have to reference the PCA Oracle Linux Manager server VM to gain access to the latest software and errata updates as published by Oracle, and downloaded by the Oracle Linux Manager service.
To provide an appropriate Oracle Linux client life cycle management service, an Oracle Linux Manager server can be installed and configured on a utility VM, or VMs, within the Oracle PCA.
Providing an Oracle Linux Manager environment within the PCA requires the following: -
Follow the steps below to create the base Oracle Linux Manager services (package updates only): -
spacewalk-common-channels --list | grep "oracle"
Then use the 'spacewalk-common-channels' command to create both the Linux channels and the associated repositories, e.g.: -
spacewalk-common-channels -v -u <olm_admin_user> -p <olm_admin_user_password> -a x86_64 -k unlimited 'oraclelinux6*'
spacewalk-common-channels -v -u <olm_admin_user> -p <olm_admin_user_password> -a x86_64 -k unlimited 'oraclelinux7*'
spacewalk-common-channels -v -u <olm_admin_user> -p <olm_admin_user_password> -a x86_64 -k unlimited 'oraclelinux8*'
The final step is now to configure the Oracle Linux VM clients to use the local Oracle Linux Manager service.
The Oracle Linux Manager server will be a client of itself, rather than registered with ULN or configured to use yum.oracle.com. The same approach is used for the Oracle Linux Manager server, its database VM and the Oracle Linux client VMs.
Beginning from Oracle Linux 7 Update 1, and on Oracle Linux 8 Update 2 updated with the latest packages from either ULN or yum.oracle.com, you can register a client prior to installing the client software. Previously, client software installation was a prerequisite to registration.
Two simple commands are required: -
NOTE: The activation key (--activationkey=1-oraclelinux7-x86_64) will change depending on whether the new Oracle Linux client system is Oracle Linux 7 or Oracle Linux 8 based.
Once registered, the following yum updates need to be run:
For Oracle Linux 7 based systems, use:
For Oracle Linux 8 based systems, use:
If the Oracle Linux instance is outside of the above criteria, then the process is reversed: install the rpm packages using the normal yum install process, then register with the Oracle Linux Manager server. The same commands are used, but with a channel-specific activation key.
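The version rule and activation key described above, as an added example that is not part of the original article: these shell functions decide from an Oracle Linux VERSION_ID whether a client registers first or installs the client packages first, and print the registration commands for review. The server name `olm.example.internal`, the Oracle Linux 8 key name, and the printed `wget`, `openssl` and `rhnreg_ks` invocations are assumptions based on standard Spacewalk client usage, not commands taken from the article.

```shell
# Added example, not from the article. OLM_SERVER and the OL8 key are assumptions.
OLM_SERVER="${OLM_SERVER:-olm.example.internal}"   # placeholder server name
CA_CERT=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

# Print register-first or install-first for a VERSION_ID such as 7.9 or 8.1.
registration_order() {
    major="${1%%.*}"
    case "$1" in
        *.*) minor="${1#*.}" ;;
        *)   minor=0 ;;
    esac
    case "$major" in
        7) min_update=1 ;;    # Oracle Linux 7 Update 1 or later
        8) min_update=2 ;;    # Oracle Linux 8 Update 2 or later
        *) echo install-first; return 0 ;;
    esac
    if [ "$minor" -ge "$min_update" ]; then
        echo register-first
    else
        echo install-first
    fi
}

# Print the activation key for a release; fail when none is known.
activation_key() {
    case "${1%%.*}" in
        7) echo 1-oraclelinux7-x86_64 ;;   # key quoted in the article
        8) echo 1-oraclelinux8-x86_64 ;;   # assumed by analogy with the OL7 key
        *) echo "no activation key known for release $1" >&2; return 1 ;;
    esac
}

# Print (do not run) the commands so they can be reviewed first.
registration_commands() {
    key="$(activation_key "$1")" || return 1
    echo "wget -q -O $CA_CERT http://$OLM_SERVER/pub/RHN-ORG-TRUSTED-SSL-CERT"
    # The CA file is fetched over plain HTTP: compare its fingerprint with the
    # server's copy before trusting it for the HTTPS registration below.
    echo "openssl x509 -noout -fingerprint -sha256 -in $CA_CERT"
    echo "rhnreg_ks --sslCACert=$CA_CERT --serverUrl=https://$OLM_SERVER/XMLRPC --activationkey=$key"
}

# Constructed VERSION_ID values; on a real client read VERSION_ID from /etc/os-release.
for v in 6.10 7.0 7.9 8.1 8.10; do
    printf '%s -> %s\n' "$v" "$(registration_order "$v")"
done
```

The version check cannot confirm that the client also carries the latest packages, which the article makes a condition of registering first.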
The final step in this journey is to install and enable the Oracle Linux Manager daemon, which allows the Oracle Linux Manager server to schedule and "push" updates to any given managed client host.
This is NOT a mandatory step. Manual administration of each Linux operating system instance is possible using a "yum update" or "yum install" as and when required by the system administrator.
However, enabling the Oracle Linux Manager daemon will permit remote patch management on a scheduled, and controlled, basis to occur on multiple systems literally at the click of a button.
To install the Oracle Linux Manager daemon, use the following commands:
For Oracle Linux 5, 6 or 7 systems: -
For Oracle Linux 7 or 8 systems: -
Now enjoy the new Oracle Linux Manager services!
A Technical Brief providing more detailed instructions on the installation and configuration of this service is forthcoming. Please watch this blog for updates.
The following resource links provide additional information: -