legacy-wiki
Lab satellite
Recovered from the older tannerjc.net wiki snapshot dated January 23, 2016.
General
spacecmd
http://github.com/aparsons/spacecmd
KVM: private network for clients
bootstrap stuff
config channel access
/var/www/html/pub/bootstrap
rhn-bootstrap --allow-remote-commands --allow-config-actions
vi /var/www/html/pub/bootstrap/bootstrap.sh
#then add this to your %post
wget -qO- http://your-statserver/pub/bootstrap/bootstrap.sh | /bin/bash
enabling cobbler webui
https://fedorahosted.org/cobbler/wiki/CobblerWebInterface
[root@satellite ~]# diff /etc/cobbler/settings /etc/cobbler.05-18-2010/settings
270c270
redhat_management_permissive: 1
---
redhat_management_permissive: 0
[root@satellite ~]# service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@satellite ~]#
Now visit: https://satellite.sat53.net/cobbler/web/index
Reactivating a satellite
rhn-satellite-activate –rhn-cert=path-to-cert -vvv
remote command issues
Missing database values
SQL SELECT version,CN.NAME FROM rhnClientCapability CC, rhnClientCapabilityName CN WHERE server_id = 1000010004 AND CN.id = CC.capability_name_id;
VERSION NAME
-------------------------------- --------------------------------
1 caneatCheese
1 kickstart.initiate
1 kickstart_guest.initiate
2 packages.extended_profile
1 packages.rollBack
1 packages.runTransaction
2 packages.update
1 packages.verify
1 packages.verifyAll
1 reboot.reboot
10 rows selected.
System says that remote scripts are enabled …
[root@localhost ~]# rhn-actions-control --report
deploy is enabled
diff is enabled
upload is enabled
mtime_upload is enabled
run is enabled
- Lessons**
- activation keys must be preceded by orgid-, example: 1-rhel5x8664
- registering a system multiple times without deleting it will mess up the rhnClientCapabilities table
table info
- rhnksdata - kickstart information
su - oracle
sqlplus rhnsat/rhnsat@rhnsat
set pagesize 1000;
set linesize 1000;
select id, label, cobbler_id from rhnksdata order by id;
external database info
** Database: Setting up database connection.
DB User? rhnsat
DB Password?
DB SID? rhnsat
DB hostname? database.sat53.net
DB port [1521]?
DB protocol [TCP]?
Initial satellite setup
Create guests
- RHEL4, 1GB RAM, 200GB drive
- RHEL5, 1GB RAM, 200GB drive
- remove sound card device
Update base system and get necessary packages
- RHEL4
- install @base
- up2date -uf
- up2date perl-XML-LibXML-Common
- up2date rpm-build
- rpm -e –nodeps specspo
- RHEL5
- deselect every package group besides base
- yum update
- rpm -e –nodeps specspo
validate hostname, fqdn and ntp setup
- /etc/sysconfig/network
- /etc/hosts
- hostname
- ping hostname
- setup ntp client
create private network
- http://kbase.redhat.com/faq/docs/DOC-9766
- Usable private IP blocks
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
- Create an xml file for the network
[root@f12box ~]# cat /root/virbr-sat4.xml
network
namevirbr-sat4/name
uuid/uuid
bridge forwarddelay=0 stp=on name=virbr1
ip netmask=255.0.0.0 address=10.0.0.1
/ip
/bridge
/network
[root@f12box ~]# virsh
virsh # net-define /root/virbr-sat4.xml
Network virbr-sat4 defined from /root/virbr-sat4.xml
virsh # net-start virbr-sat4
Network virbr-sat4 started
virsh # net-autostart virbr-sat4
virsh # net-list
Name State Autostart
-----------------------------------------
default active yes
virbr-sat4 active yes
- use virt-manager or virsh-edit to add the new bridge to the satellite guest with a new NIC device
- add gateway IP to /etc/sysconfig/network
- remove gateway from /etc/sysconfig/network-scripts/ifcfg-eth1
[root@jtsat ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
- clients
- set static IP of 10.0.0.100
- define the gateway as the satellite [10.0.0.5] in /etc/sysconfig/network
- add 10.0.0.5 jtsat.dj.edm jtsat to /etc/hosts
get installer ISO, mount and run installer script
- mkdir /mnt/ISO
- mount 192.168.1.14:/ISO /mnt/ISO/
- cd /mnt/ISO
[root@jtsat ISO]# mkdir /mnt/satellite
[root@jtsat ISO]# mount -t iso9660 -o loop rhn-satellite-4.2.2-5-redhat-linux-as-i386-4-embedded-oracle.iso /mnt/satellite/
[root@jtsat ISO]# cd /mnt/satellite
[root@jtsat satellite]# ./install.pl
- RHEL4: up2date -uf
- RHEL5: yum update
- service rhn-satellite restart
get channel ISOs and sync
[root@f12box dump-rhel-x86_64-5]# mkdir /mnt/1TB/redhat/satellite-dumps/extract
[root@f12box dump-rhel-x86_64-5]# for i in `ls /mnt/1TB/redhat/satellite-dumps/
dump-rhel-x86_64-5/ extract/
[root@f12box dump-rhel-x86_64-5]# for i in `ls /mnt/1TB/redhat/satellite-dumps/dump-rhel-x86_64-5/*.iso`; do \
echo $i; mount -t iso9660 -o loop $i /mnt/test; cp -ruv /mnt/test/* /mnt/1TB/redhat/satellite-dumps/extract/; \
umount /mnt/test; done;
[root@f12box dump-rhel-x86_64-5]# cp -rp /mnt/1TB/redhat/satellite-dumps/extract /ISO/
[root@jtsat ~]# satellite-sync --list-channels
[root@jtsat ~]# satellite-sync -c rhel-x86_64-server-5 -m /mnt/ISO/extract/
00:07:10 Importing kickstartable trees (3)
00:07:11 Imported kickstartable trees (3)
Import complete:
Begin time: Sat Mar 27 22:44:05 2010
End time: Sun Mar 28 00:07:11 2010
Elapsed: 1 hours, 23 minutes, 5 seconds
[root@jtsat ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
195G 20G 166G 11% /
/dev/hda1 99M 13M 81M 14% /boot
none 494M 0 494M 0% /dev/shm
192.168.1.14:/ISO 449G 33G 394G 8% /mnt/ISO
bootstrap guest on private net
- make an activation key that includes at least a base channel
- create bootstrap script on server: rhn-bootstrap –activation-key=rhel5_x86-64-base
[root@localhost ~]# wget --no-check-certificate https://jtsat.dj.edm/pub/bootstrap/bootstrap.sh
- wget will show no errors and download nothing if you don’t use the –no-check as shown in the example commands contained in bootstrap.sh
Updating package profile...
Updating hardware profile...
Loaded plugins: rhnplugin, security
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-x86_64-server-5. Please verify its path and try again
-bootstrap complete-
troubleshooting
- installer problems
- /var/log/rhn/rhn-installation.log
Satellite upgrade
docs and instructions
http://kbase.redhat.com/faq/docs/DOC-11042
[jtanner@f12box Downloads]$ rpm2cpio rhn-upgrade-5.3.0.24-1.el5sat.noarch.rpm | cpio -idv
./etc/sysconfig/rhn/satellite-upgrade/README
...
./etc/sysconfig/rhn/satellite-upgrade/rhn-satellite-5-upgrade-scenario-1a.txt
./etc/sysconfig/rhn/satellite-upgrade/rhn-satellite-5-upgrade-scenario-1b.txt
...
supportability
The following are instructions for upgrading from an RHN Satellite v3.x, 4.x or 5.x to v5.3 [...]
Satellite 5.1 introduced new architecture support. Below is the supported
architecture upgrade scenarios:
1. upgrading embedded i386 to embedded i386 is supported
2. upgrading embedded i386 to embedded x86_64 is supported
3. upgrading embedded i386 to embedded s390 is NOT supported
4. upgrading embedded i386 to embedded s390x is NOT supported
5. upgrading external i386 to external * is supported
6. upgrading external i386 to embedded DB is NOT supported
7. upgrading embedded i386 to external DB is NOT supported
backup database
[root@jtsat ~]# su - oracle
-bash-3.00$ mkdir /tmp/db-backup-2010-03-27-21-37
-bash-3.00$ db-control backup /tmp/db-backup-2010-03-27-21-37/
-bash-3.00$ du -sh db-backup-2010-03-27-21-37
762M db-backup-2010-03-27-21-37
-bash-3.00$ db-control examine /tmp/db-backup-2010-03-27-21-37
run installer on new sat server
[root@jtstat satellite]# mount -o loop /tmp/redhat-rhn-satellite-5.3-server-x86_64-5-embedded-oracle.iso /mnt/satellite/
[root@jtstat satellite]# cd /mnt/satellite/
[root@jtstat satellite]# ./install.pl
[root@jtstat satellite]# yum install rhn-upgrade
[root@jtstat satellite]# /usr/sbin/rhn-satellite stop
copy/restore files
- export nfs shares from old sat server
[root@jtsat ~]# cat /etc/exports
/tmp *(rw,sync)
/var *(rw,sync)
[root@jtsat ~]# ls -al /var/satellite/
total 20
drwxr-xr-x 4 apache root 4096 Mar 27 23:18 .
drwxr-xr-x 20 root root 4096 Mar 27 15:13 ..
drwxr-xr-x 3 apache root 4096 Mar 27 22:45 redhat
drwxr-xr-x 3 apache root 4096 Mar 27 23:18 rhn
[root@jtsat ~]# chmod -R 777 /var/satellite/
- mount shares on new sat
[root@jtstat satellite]# mkdir /mnt/oldsat
[root@jtstat satellite]# mkdir /mnt/oldsat/tmp
[root@jtstat satellite]# mkdir /mnt/oldsat/var
[root@jtstat satellite]# mount 192.168.1.68:/tmp /mnt/oldsat/tmp
[root@jtstat satellite]# mount 192.168.1.68:/var /mnt/oldsat/var
[root@jtstat satellite]# cp -rpv /mnt/oldsat/var/satellite/ /var/
[root@jtstat satellite]# chmod -R 755 /var/satellite
[root@jtstat satellite]# mv /root/ssl-build /root/ssl-build.bak
[root@jtstat satellite]# scp -rp root@192.168.1.68:/root/ssl-build /root/
[root@jtsat ~]# mv /etc/tnsnames.ora /etc/tnsnames.ora.bak
[root@jtsat ~]# scp -p root@192.168.1.68:/etc/tnsnames.ora /etc/.
[root@jtsat ~]# rpm -Uvh /root/ssl-build/jtsat/rhn-org-httpd-ssl-key-pair-jtsat-1.0-1.noarch.rpm
[root@jtsat ~]# cp -Rp /mnt/oldsat/var/www/html/pub /var/www/html/
restore database
[root@jtsat ~]# cp -rp /mnt/oldsat/tmp/db-backup-2010-03-27-21-37 /tmp/
[root@jtsat ~]# su - oracle
-bash-3.2$ db-control examine /tmp/db-backup-2010-03-27-21-37/
-bash-3.2$ exit
[root@jtsat ~]# runuser oracle -c 'mkdir /opt/apps/oracle/config/9.2.0
[root@jtsat ~]# su - oracle
-bash-3.2$ db-control restore /tmp/db-backup-2010-03-27-21-37
-bash-3.2$ exit
upgrade database
[root@jtsat ~]# touch /var/log/rhn/upgrade_db.log
[root@jtsat ~]# chmod 777 /var/log/rhn/upgrade_db.log
[root@jtsat ~]# su - oracle
-bash-3.2$ /bin/bash /usr/share/spacewalk/setup/oracle/upgrade-db.sh 21 | tee -a /var/log/rhn/upgrade_db.log
-bash-3.2$ file /opt/apps/oracle/web/product/10.2.0/db_1/lib/libclntsh.so.10.1 | awk '{print $3}'
64-bit
-bash-3.2$ cd /etc/sysconfig/rhn/satellite-upgrade/
-bash-3.2$ export ORACLE_SID=rhnsat
-bash-3.2$ sqlplus '/ as sysdba' @satellite-oracle-64bit-fix.sql
-bash-3.2$ exit
[root@jtsat ~]# /sbin/service oracle start
- check tablespace usage and extend and filled tables
[root@jtsat ~]# su - oracle
-bash-3.2$ db-control report
Tablespace Size Used Avail Use%
DATA_TBS 3.9G 1.1G 2.7G 29%
SYSAUX 250M 41.4M 208.5M 17%
SYSTEM 250M 205.6M 44.3M 82%
TOOLS 128M 2.7M 125.2M 2%
UNDO_TBS 1000M 786M 213.9M 79%
USERS 128M 64K 127.9M 0%
-bash-3.2$ db-control extend SYSTEM
Extending SYSTEM... done.
-bash-3.2$ db-control extend SYSTEM
Extending SYSTEM... done.
-bash-3.2$ db-control extend UNDO_TBS
Extending UNDO_TBS... done.
-bash-3.2$ db-control extend UNDO_TBS
Extending UNDO_TBS... done.
-bash-3.2$ db-control report
Tablespace Size Used Avail Use%
DATA_TBS 3.9G 1.1G 2.7G 29%
SYSAUX 250M 41.4M 208.5M 17%
SYSTEM 750M 205.7M 544.2M 27%
TOOLS 128M 2.7M 125.2M 2%
UNDO_TBS 1.9G 786.1M 1.1G 39%
USERS 128M 64K 127.9M 0%
- make sure there is enough temp tablespace available
-bash-3.2$ cd /etc/sysconfig/rhn/satellite-upgrade
-bash-3.2$ ORACLE_SID=rhnsat sqlplus -S '/ as sysdba' @satellite-temp_tbs.sql
TABLESPACE MB_TOTAL MB_FREE
------------------------------- ---------- ----------
TEMP_TBS 250 250
-bash-3.2$ db-control extend TEMP_TBS
Extending TEMP_TBS... done.
-bash-3.2$ db-control extend TEMP_TBS
Extending TEMP_TBS... done.
[root@jtsat ~]# /usr/sbin/rhn-satellite stop
[root@jtsat ~]# service oracle start
[root@jtsat ~]# satellite-5.3.0-schema-upgrade
Schema upgrade: [rhn-satellite-schema-4.2.1-2] - [satellite-schema-5.3.0.23-1.el5sat]
Searching for upgrade path: [rhn-satellite-schema-4.2.1-2] - [satellite-schema-5.3.0.23-1]
Searching for upgrade path: [rhn-satellite-schema-4.2.1] - [satellite-schema-5.3.0.23]
Searching for upgrade path: [rhn-satellite-schema-4.2] - [satellite-schema-5.3.0]
Searching for upgrade path: [rhn-satellite-schema-4.2] - [satellite-schema-5.3]
The path: [rhn-satellite-schema-4.2] - [rhn-satellite-schema-5.0] - [rhn-satellite-schema-5.1] - [rhn-satellite-schema-5.2] - [satellite-schema-5.3]
Planning to run sqlplus with [/var/log/spacewalk/schema-upgrade/20100328-060750-script.sql]
Hit Enter to continue or Ctrl+C to interrupt:
...
The database schema was upgraded to version [satellite-schema-5.3.0.23-1.el5sat].
[root@jtsat ~]# rhn-schema-version
5.3.0.23-1.el5sat
[root@jtsat ~]# rpm -q --qf '%{version}-%{release}\n' satellite-schema
5.3.0.23-1.el5sat
Convert /var/satellite
[root@jtsat ~]# grep default_db /etc/rhn/rhn.conf
default_db = rhnsat/rhnsat@rhnsat
[root@jtsat ~]# /usr/bin/update-5.3.0-packages --db=rhnsat/rhnsat@rhnsat --debug
[root@jtsat ~]# service oracle stop
[root@jtsat ~]# /usr/sbin/rhn-satellite start
rebuild search indexes
[root@jtsat ~]# service rhn-search cleanindex
Stopping rhn-search...
Stopped rhn-search.
Starting rhn-search...
redeploy config settings
[root@jtsat ~]# /usr/share/spacewalk/setup/upgrade/rhn-load-config.pl
- ignore errors
insert SSL cert into database
[root@jtsat ~]# /usr/sbin/rhn-satellite restart
[root@jtsat ~]# rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT
Update satellite monitoring scout setup
[root@jtsat ~]# /usr/share/spacewalk/setup/upgrade/rhn-update-monitoring.pl
[root@jtsat ~]#
[root@jtsat ~]# scp root@192.168.1.68:/home/nocpulse/.ssh/nocpulse-identity ~nocpulse/.ssh/.
root@192.168.1.68's password:
nocpulse-identity 100% 668 0.7KB/s 00:00
[root@jtsat ~]# scp root@192.168.1.68:/home/nocpulse/.ssh/nocpulse-identity.pub ~nocpulse/.ssh/.
root@192.168.1.68's password:
nocpulse-identity.pub 100% 607 0.6KB/s 00:00
Enable (or re-enable) monitoring and/or push functionality
[root@jtsat ~]# /usr/share/spacewalk/setup/upgrade/rhn-enable-monitoring.pl --enable-scout
[root@jtsat ~]# /sbin/service jabberd stop
[root@jtsat ~]# /sbin/service osa-dispatcher stop
[root@jtsat ~]# /usr/share/spacewalk/setup/upgrade/rhn-enable-push.pl
Update sendmail configuration
[root@jtsat ~]# rm -f /etc/smrsh/ack_enqueuer.pl
[root@jtsat ~]# ln -s /usr/bin/ack_enqueuer.pl /etc/smrsh/ack_enqueuer.pl
[root@jtsat ~]# /sbin/service sendmail restart
Verify rhn.conf settings
[root@jtsat ~]# /usr/sbin/rhn-satellite restart
Test/verify new RHN Satellite
Proxy upgrade
http://kbase.redhat.com/faq/docs/DOC-10806
- Proxy upgrades are really a reinstall because it’s just a squid caching server.
- backup the /root/ssl-build directory so that you can retain the old ssl certs
installation procedure
- make sure the satellite has the rhn-tools-rhel-x86_64-server-5 channel or the version that matches the base channels being used.
- make sure the satellite has the redhat-rhn-proxy-5.3-server-x86_64-5 channel synced
- add network interface for sat5 network
- configure eth1 for the 10.0.0.0/255.0.0.0 network (use 10.0.0.5x for proxies)
- add 10.0.0.5 jtsat.dj.edm jtsat to /etc/hosts
- add sat5proxy.dj.edm to /etc/sysconfig/network HOSTNAME line
- setenforce 0
- bootstrap proxy server
- add rhn tools channel to system
- rhn_check
- yum install spacewalk-proxy-installer
- mkdir /root/ssl-build
- scp ‘root@jtsat.dj.edm:/root/ssl-build/{RHN-ORG-PRIVATE-SSL-KEY,RHN-ORG-TRUSTED-SSL-CERT,rhn-ca-openssl.cnf}’ /root/ssl-build
- configure-proxy.sh
installer ERRORS
- ERROR: unknown exception: (no element found: line 1, column 0), (xml.parsers.expat.ExpatError instance at 0x2b8f3ccbad40)
- resolved by running rhn_check and restarting script
- Error: Cannot retrieve repository metadata (repomd.xml) for repository: redhat-rhn-proxy-5.3-server-x86_64-5. Please verify its path and try again
- resolved by running rhn_check and restarting script
- installer tries to answer Y/n instead of y or n for enabling monitoring step if using –non-interactive
- setup answers file or do not use –non-interactive