Spacewalk
Spacewalk is the large-scale deployment and management tool for RHEL systems used at FOOBAR INC.
Spacewalk is a network-wide system deployment and maintenance tool. It allows sysadmins to efficiently perform identical operations on multiple systems. The machine running spacewalk is aptly named spacewalk.http://jimkinney.us which is an alias for gripper.http://jimkinney.us
Spacewalk provides
Package management
Each system managed by Spacewalk is subscribe to a software channel. The channel is comprised of specific applications and configuration files. This provides for group consistency within a specific channel. When a package update becomes available, the spacewalk admin can make it universally available or it can be applied only to specific channels (like "testing"). Updates can be "pushed" to subscribed machines using Spacewalk.Configuration management
Spacewalk can provide configuration management in the same manner as packages. The configuration files, typically the ones in/etc
, have a master version on the Spacewalk server. If it needs to be changed, it can quickly be pushed to all subscribed machines. Additionally, this can be used to keep a machine in configuration compliance by automatically replacing any changed configuration files with official versions.System status reporting
The front page of the Spacewalk application is an overall status report. It is easy to see which machines have outstanding updates or have not reported in over the last reporting period. Additionally, machines can be assigned to owners and the owners will receive an email report when a system is not fully updated or out of configuration compliance.Remote commands
Spacewalk supports a remote command process. An admin provides a tested, ready to run script that Spacewalk then pushes to all chosen machines and executes. If it can be scripted, it can be run remotely from Spacewalk.Remote commands are currently not enabled at FOOBAR INC
Spacewalk client setup
yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
Installs all client-side toolsrhnreg_ks --serverUrl=
http://spacewalk/XMLRPC
--activationkey=<key-with-custom-channel>
Register the client with the spacewalk serverActivation keys:
Description
Key
64bit Server
1-f52c174a86b1b864d5e9002e2a2b29da
64bit Client
1-ff9ac78ae746eeb7b0b4c1e2f6017d6f
64bit Cluster Nodes
1-09ca1a3d500a183ab0618a5c1d2f984a
Or you can run this script to set up 64 bit workstation:- http://yum/pub/rhel5/config-files/subscribe_to_spacewalk.sh which is a symlink to /usr1/ftp/pub/rhel5/config-files/manage-files/root/util/subscribe_to_spacewalk.sh on chinook
Spacewalk Tabs
Systems
Comparing packages
Using spacewalk you can compare packages installed on a system to those installed on another system or to a saved package profile.
Once you have the system you want to compare selected, then choose Software
. From here you should click the Compare Package Profiles / Manage Package Profiles
. Here you can select the other system you want to compare to.
System Groups
Spacewalk allows systems to be grouped arbitrarily. The systems can be members of more than one system group at a time. FOOBAR INC uses this feature to provide branch level grouping of systems. This allows us to target and manage different groups of machines easily. Instead of having to deploy a configuration file to each machine individually we can treat a group of machines as one machine using system groups. Currently the following system groups are configured:
Group |
Description |
---|---|
ANT |
Antennas systems |
SIS Developer |
SIS Developer systems |
SIS Infrastructure |
SIS Infrastructure systems |
FOOBAR INC Infrastructure |
FOOBAR INC Infrastructure systems |
FOOBAR INC Testers |
FOOBAR INC Updates Testers |
FOOBAR INC Workstations |
FOOBAR INC Workstations |
FOOBAR INC Computational |
FOOBAR INC Computational Systems |
Errata
Errata are update notifications generated by RedHat. We use errata to know what updates fix what vulnerabilities and which systems are affected. The errata are automatically uploaded to the spacewalk server nightly. Currently this is performed by a cron job running out of /etc/cron.d/errataUpdate in a two step process. One step downloads from rhn.redhat.com and the other step uploads to spacewalk.http://jimkinney.us, both use a dedicated user.
Channels
Software in spacewalk is managed as part of software channels. Each system can only be subscribed to one base software channel at a time. We use software channels to separate our testers from the rest of the lab. Additionally we separate cluster packages so that we can keep cluster systems locked on certain software packages. Our currently configured software channels are:
Channel |
Description |
---|---|
RHEL5 - Approved x86 |
Approved software for x86 systems |
RHEL5 - Approved x86_64 |
Approved software for x86_64 systems |
RHEL5 - Certified x86_64 |
Certified software for x86_64 systems |
RHEL5 - Cluster x86_64 |
Cluster software for x86_64 systems |
RHEL5 - Approved x86 |
Software in testing for x86 systems |
RHEL5 - Testing x86_64 |
Software in testing for x86_64 systems |
The packages in each channel is managed by our updates policy which moves packages between testing and approved. Packages in the cluster and certified channel are managed manually. |
Audit
The audit tab is used extensively in other deployments of spacewalk but it is not utilized on https://spacewalk.http://jimkinney.us/. It is an interface to view the audit logs aggregated from multiple systems within spacewalk.
Logs
The logs tab is used extensively in other deployments of spacewalk but it is not utilized on https://spacewalk.http://jimkinney.us/. It is an interface to view the system logs aggregated from multiple systems within spacewalk.
Configuration
Spacewalk supports configuration channels as a means to manage configuration files on each system. Each configuration channel can be associated with multiple systems and each system can have multiple configuration channels. If two configuration channels provide the same file the configuration channel with a higher priority has its file deployed on the system. Additionally systems may be configured with system specific configuration files; these files will always override other configuration channel files. The currently configured configuration channels are:
Channel Name |
Description |
---|---|
Cluster Master |
Files for cluster master nodes |
Cluster Node |
Files for cluster nodes |
Common |
Files common to all systems |
HTTP Server |
HTTP Server files |
LDAP Auth |
Files for authenticating to ldap |
Server |
Files specific to servers |
SIS Build Server |
Files for SIS Build servers |
SIS Common |
Files common to all of SIS |
SIS Development |
Files for SIS development |
SIS Workstation |
Files for SIS workstations |
SNMP Monitored |
Systems monitored by SNMP |
Workstation |
FOOBAR INC Workstations |