FeAtures spacewalk © patrimonio designs patrimonio © Managing Linux systems with Spacewalk Moon Landing When your system landscape reaches a certain size, managing Linux systems manually is time-consuming and impractical. enter spacewalk: an open source tool that takes the footwork out of network management. By thorsten scherf Spacewalk [1] is the open source first has to register with the server. nels. The base channel contains the derivative of the popular Red Hat Net- Registration can be based either on RPM-based operating system, such work Satellite Server. Red Hat pub- a username/ password combination as Red Hat Enterprise Linux, Fedora, lished the source code for the server or an activation key that is pregener- or CentOS. The subchannels contain in the summer of 2008, and the com- ated by the Spacewalk server. After additional software packages that are munity has now released version 1.0. registration, the system appears in the independent of the operating system, The application’s core tasks include server’s web GUI. such as the Red Hat Cluster Suite or RPM package software provisioning, If the server has more resources, you the 389 Directory Server. managing configuration files, and can assign them to the system at this Spacewalk can clone existing chan- kickstart trees, thus supporting the point. Resources include software nels and create new channels from installation of bare-metal systems. packages or configuration files that scratch. This feature gives you full The approach that Spacewalk uses are normally organized in channels. control of the software stack that you is quite simple: Before a system can A system always has exactly one provide via Spacewalk. Configura- access Spacewalk’s resources, it base channel with optional subchan- tion channels help you distribute the 2 Issue 01-2010 AdmIn spacewalk FeAtures configuration files for the software command centrally on the Spacewalk [4], or CentOS [3] Linux. Note that packages. Spacewalk also keeps older server. Spacewalk does need a current Java versions of the files to let you roll Installing new systems is also quite Runtime Version 1.6.0 or newer. You back to a previous version at any time simple. Spacewalk has the installation can use the Open JDK for this; Fedora if the need arises. files you need in the form of kickstart includes it out of the box. Admins The software packages or configura- trees. The installation candidate uses on RHEL or CentOS can retrieve the tion files can be installed either via a boot medium such as a CD, a USB package via the additional EPEL (Ex- the target system or centrally in the stick, or a PXE-capable network card tra Packages for Enterprise Linux) Spacewalk web front end. To avoid to contact the server. The First-Stage software repository. spending too much time on the instal- Installer, which is part of the instal- Besides the Java package, an Oracle lation of a large number of systems, lation medium, defines which server 10g database is also required for you can assign systems to logical will handle the installation. installing Spacewalk. Oracle XE pro- groups and apply the installation of The remaining installation steps are vides a free version of the database. a resource to a group. For example, it handled by the Second-Stage Installer, The developers are currently working might make sense to assign all your located on the Spacewalk server and hard on implementing support for an web servers to a WWW-Server group transferred to the client system when open source database after identify- in Spacewalk. When a new version of the installation starts. If you want to ing PostgreSQL as the best alterna- the web server software is released, automate the installation fully, define tive to Oracle. As of this writing it is you would simply tell Spacewalk to the kickstart file location in the boot hard to say when official support for apply the update to the group, au- medium. The kickstart file is a kind of PostgreSQL will be available, but it tomatically updating all the systems answer file that describes the proper- makes sense to check the roadmap belonging to the group. ties of the installation candidate, such [5] or the mailing lists [6] at regular The installation uses polling by as partitioning, software, language, intervals. default; in other words, the client and firewall settings. Of course, you systems query the server at a pre- can create a kickstart file on the Oracle XE defined interval (which defaults to Spacewalk server and just include a four hours) to see if new actions have link to the file on the boot medium. After installing the repository RPM been defined since the last poll. If so, Spacewalk can manage any RPM- for your distribution, the first step is Spacewalk then runs these actions. based distribution. You even have to install Oracle Express, which you As an alternative, you can trigger the the option of operating client systems can download for free [7]. You will installation of software packages and across multiple organizations. Using need version 10.2.0.1. Besides the other actions using a push approach. the web interface, the administrator database, you also need the oracle-in- The client system and the Spacewalk creates various organizations and as- stantclient-basic and oracle-instant- server talk to each other constantly signs a certain number of system en- client-sqlplus, which you can then using the Jabber protocol. Any new titlements to them. Entitlements are install with Yum: actions you define are immediately linked to certificates that Spacewalk yum localinstall --nogpgcheck U run on the client by Spacewalk. automatically generates during the in- oracle-xe-univ*.rpm stallation. You can then add users to oracle-instantclient-basic*.rpm Ground Control the organizations. oracle-instantclient-sqlplus*.rpm If a client is registered with a user Communications are always from the account from a specific organiza- Before configuring the database, you client to the server; this is important tion, the system is assigned to this should make sure that your hostname with respect to firewall rules. A list organization. When users from the points to the correct IP address in of the network ports you need to en- organization logs into the Spacewalk your /etc/hosts to avoid problems able can be found online [2]. Besides server, they will only see the systems software package or configuration in their own organization. This fea- Listing 1: Oracle Listener Configuration file installation, actions can also run ture is useful if you manage multiple cat >> /etc/tnsnames.ora << 'EOF' arbitrary commands on the individual departments and prefer to manage the XE = systems via the Spacewalk server. systems in the individual departments (DESCRIPTION = For example, after creating a new separately. You just assign them to (ADDRESS_LIST = ( ADDRESS = (PROTOCOL = TCP)(HOST = localhost) configuration file for your web serv- different organizations, which, of (PORT = 1521)) ers and distributing it to the systems, course, you need to create up front. ) you need to restart the web server (CONNECT_DATA = process to parse the new configura- Installation (SERVICE_NAME = xe) tion instructions. Instead of logging ) in to each individual system or using Spacewalk can be installed on Red ) a for loop, simply issue the restart Hat Enterprise (RHEL) [3], Fedora EOF AdmIn Issue 01-2010 3 FeAtures spacewalk with the Oracle Listener configuration the appropriate repository in /etc/ you can set up subchannels for the later on. Use the following parameters yum.repos.d/. The following com- base channel and assign the subchan- for the configuration: mand starts the installation: nels to clients as needed. After doing so, you can use the subchannels to HTTP port for Oracle Application U yum install spacewalk-oracle distribute more RPM packages to the Express: 9055 Database listener port: 1521 Because this package depends on all systems. The packages can be your Password for SYS/SYSTEM: Password the other Spacewalk packages, the own creations or RPMs from other Start at boot: y package manager will automatically repositories. The default HTTP port for the Oracle download and install the dependen- The easiest approach to setting up a Express application (8080) is already cies in the next step. Then you can software channel is to use the web in- occupied by the Tomcat application configure the application interactively terface (Channels | Manage Software server, so you need to choose an al- with the setup tool or with the use of Channels | Create; Figure 1). Thanks ternative port to avoid conflicts. an answer file (Listing 4). to the Spacewalk API, you can also To talk to the database, you need to Pass the file in to the setup tool as script this process [8]. Call the script configure the listener in the /etc/ follows: as follows: tnsnames.ora file (Listing 1). spacewalk-setup --disconnected U create_channel.py --label=fedora-12-i386 U Now you just need to make a few --answer-file=answerfile --name "Fedora 12 32-bit" U changes to the database. To do this, --summary "32-bit Fedora 12 channel" log in to the database with sqlplus The configuration can take some time and create a spacewalk user, to which to complete as the process sets up In the script, you need to provide you could assign a password of the database tables. The setup tool the Fully Qualified Domain Name spacewalk (Listing 2). then launches all the required ser- (FQDN) for the Spacewalk server The standard configuration of Oracle vices. You can manually restart using and the user account for creating Express supports a maximum of 40 the /usr/sbin/rhn-satellite tool. the channels, such as the Spacewalk simultaneous connections, which is To configure the system, launch the administrator account created previ- not enough for Spacewalk operations.