Redhat satellite / Spacewalk – automatically patch clients
Posted by danielJan 16
Redhat satellite or Spacewalk – real time push to clients.
By default, a client waits for a set of interval (minutes) configured in /etc/sysconfig/rhn/rhnsd to pull scheduled tasks from satellite server. For instance, if a remote command is set to be executed on client or a patch is waiting to be applied, rhn_check has to wait at least for 60 minutes to pick up the task.
For real time command execution or patch or configuration deployment, the following steps have to be performed on server and client –
1. Server : Install osa-dispatcher
root:homevm:~:# rpm -q osa-dispatcher osa-dispatcher-5.11.43-1.el6.noarch root:homevm:~:# service osa-dispatcher status root:homevm:~:# chkconfig osa-dispatcher on root:homevm:~:# chkconfig osa-dispatcher --list osa-dispatcher 0:off 1:off 2:on 3:on 4:on 5:on 6:off
2. Client : Install and enable osad (OSA daemon).
# yum install osad -y # chkconfig osad on # /etc/init.d/osad restart
3. Client : Make sure the deploy and run options are enabled –
# rhn-actions-control --enable-run # rhn-actions-control --enable-deploy # rhn-actions-control --report deploy is enabled diff is enabled upload is enabled mtime_upload is enabled run is enabled
Extra steps in case you encounter SSL certificate issues –
OSA is picky on SSL certificte verification, make sure the right CA cert is deployed on client, and the serverURL on up2date should match with the CN on the server certificate.
1. Copy RHN certificate from satellite server to client, make sure the cert has not expired and the CN matches server name.
root:homevm:~:# openssl x509 -in /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -noout -subject subject= /C=US/ST=CA/L=SanFrancisco/O=home.net/OU=spacewalk.home.net/CN=homevm.home.net root:homevm:~:# openssl x509 -in /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT -noout -dates notBefore=Aug 2 06:04:05 2014 GMT notAfter=Jul 27 06:04:05 2036 GMT root:homevm:~:# scp /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT root@client:/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT [root@blackhat rpm-gpg]# grep -i serverurl /etc/sysconfig/rhn/up2date serverURL=http://homevm.home.net/XMLRPC
2. If you get certificate error, during package deployment, copy the RPM GPG public keys from satellite to the clients
On Server side –
root:homevm:/etc/pki/rpm-gpg:# ls -al RPM-GPG-KEY-* -rw-r--r-- 1 root root 1706 Nov 30 2013 RPM-GPG-KEY-CentOS-6 -rw-r--r-- 1 root root 1730 Nov 30 2013 RPM-GPG-KEY-CentOS-Debug-6 -rw-r--r-- 1 root root 1730 Nov 30 2013 RPM-GPG-KEY-CentOS-Security-6 -rw-r--r-- 1 root root 1734 Nov 30 2013 RPM-GPG-KEY-CentOS-Testing-6 -rw-r--r-- 1 root root 1649 Nov 4 2012 RPM-GPG-KEY-EPEL-6 -rw-r--r-- 1 root root 1011 Feb 5 2011 RPM-GPG-KEY-oracle root:homevm:/etc/pki/rpm-gpg:# scp RPM-GPG-KEY-* root@client:/etc/pki/rpm-gpg On client side - [bash] # rpm --import RPM-GPG-KEY-CentOS-*
No comments
You must be logged in to post a comment.