Linux Training : a. Spacewalk overview

Spacewalk

Spacewalk is the large-scale deployment and management tool for RHEL systems used at FOOBAR INC.

Spacewalk is a network-wide system deployment and maintenance tool. It allows sysadmins to efficiently perform identical operations on multiple systems. The machine running spacewalk is aptly named spacewalk.http://jimkinney.us which is an alias for gripper.http://jimkinney.us

Spacewalk provides

  • Package management

    Each system managed by Spacewalk is subscribe to a software channel. The channel is comprised of specific applications and configuration files. This provides for group consistency within a specific channel. When a package update becomes available, the spacewalk admin can make it universally available or it can be applied only to specific channels (like "testing"). Updates can be "pushed" to subscribed machines using Spacewalk.
  • Configuration management

    Spacewalk can provide configuration management in the same manner as packages. The configuration files, typically the ones in /etc, have a master version on the Spacewalk server. If it needs to be changed, it can quickly be pushed to all subscribed machines. Additionally, this can be used to keep a machine in configuration compliance by automatically replacing any changed configuration files with official versions.
  • System status reporting

    The front page of the Spacewalk application is an overall status report. It is easy to see which machines have outstanding updates or have not reported in over the last reporting period. Additionally, machines can be assigned to owners and the owners will receive an email report when a system is not fully updated or out of configuration compliance.
  • Remote commands

    Spacewalk supports a remote command process. An admin provides a tested, ready to run script that Spacewalk then pushes to all chosen machines and executes. If it can be scripted, it can be run remotely from Spacewalk.

    Remote commands are currently not enabled at FOOBAR INC

Spacewalk client setup

  • yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
    Installs all client-side tools
  • rhnreg_ks --serverUrl=http://spacewalk/XMLRPC --activationkey=<key-with-custom-channel>
    Register the client with the spacewalk server

    Activation keys:

    Description

    Key

    64bit Server

    1-f52c174a86b1b864d5e9002e2a2b29da

    64bit Client

    1-ff9ac78ae746eeb7b0b4c1e2f6017d6f

    64bit Cluster Nodes

    1-09ca1a3d500a183ab0618a5c1d2f984a



    Or you can run this script to set up 64 bit workstation:
  • http://yum/pub/rhel5/config-files/subscribe_to_spacewalk.sh which is a symlink to /usr1/ftp/pub/rhel5/config-files/manage-files/root/util/subscribe_to_spacewalk.sh on chinook

Spacewalk Tabs

Systems

Comparing packages

Using spacewalk you can compare packages installed on a system to those installed on another system or to a saved package profile.

Once you have the system you want to compare selected, then choose Software. From here you should click the Compare Package Profiles / Manage Package Profiles. Here you can select the other system you want to compare to.

System Groups

Spacewalk allows systems to be grouped arbitrarily. The systems can be members of more than one system group at a time. FOOBAR INC uses this feature to provide branch level grouping of systems. This allows us to target and manage different groups of machines easily. Instead of having to deploy a configuration file to each machine individually we can treat a group of machines as one machine using system groups. Currently the following system groups are configured:

Group

Description

ANT

Antennas systems

SIS Developer

SIS Developer systems

SIS Infrastructure

SIS Infrastructure systems

FOOBAR INC Infrastructure

FOOBAR INC Infrastructure systems

FOOBAR INC Testers

FOOBAR INC Updates Testers

FOOBAR INC Workstations

FOOBAR INC Workstations

FOOBAR INC Computational

FOOBAR INC Computational Systems

Errata

Errata are update notifications generated by RedHat. We use errata to know what updates fix what vulnerabilities and which systems are affected. The errata are automatically uploaded to the spacewalk server nightly. Currently this is performed by a cron job running out of /etc/cron.d/errataUpdate in a two step process. One step downloads from rhn.redhat.com and the other step uploads to spacewalk.http://jimkinney.us, both use a dedicated user.

Channels

Software in spacewalk is managed as part of software channels. Each system can only be subscribed to one base software channel at a time. We use software channels to separate our testers from the rest of the lab. Additionally we separate cluster packages so that we can keep cluster systems locked on certain software packages. Our currently configured software channels are:

Channel

Description

RHEL5 - Approved x86

Approved software for x86 systems

RHEL5 - Approved x86_64

Approved software for x86_64 systems

RHEL5 - Certified x86_64

Certified software for x86_64 systems

RHEL5 - Cluster x86_64

Cluster software for x86_64 systems

RHEL5 - Approved x86

Software in testing for x86 systems

RHEL5 - Testing x86_64

Software in testing for x86_64 systems

The packages in each channel is managed by our updates policy which moves packages between testing and approved. Packages in the cluster and certified channel are managed manually.

Audit

The audit tab is used extensively in other deployments of spacewalk but it is not utilized on https://spacewalk.http://jimkinney.us/. It is an interface to view the audit logs aggregated from multiple systems within spacewalk.

Logs

The logs tab is used extensively in other deployments of spacewalk but it is not utilized on https://spacewalk.http://jimkinney.us/. It is an interface to view the system logs aggregated from multiple systems within spacewalk.

Configuration

Spacewalk supports configuration channels as a means to manage configuration files on each system. Each configuration channel can be associated with multiple systems and each system can have multiple configuration channels. If two configuration channels provide the same file the configuration channel with a higher priority has its file deployed on the system. Additionally systems may be configured with system specific configuration files; these files will always override other configuration channel files. The currently configured configuration channels are:

Channel Name

Description

Cluster Master

Files for cluster master nodes

Cluster Node

Files for cluster nodes

Common

Files common to all systems

HTTP Server

HTTP Server files

LDAP Auth

Files for authenticating to ldap

Server

Files specific to servers

SIS Build Server

Files for SIS Build servers

SIS Common

Files common to all of SIS

SIS Development

Files for SIS development

SIS Workstation

Files for SIS workstations

SNMP Monitored

Systems monitored by SNMP

Workstation

FOOBAR INC Workstations