[Spacewalk-list] FW: semi-automated spacewalk client registration
Boyd, Robert
Robert.Boyd at peoplefluent.com
Fri Nov 30 21:13:22 UTC 2012
This is in response to some of the questions I've seen about registering clients. I'm including "sanitized" versions of 2 scripts that I wrote to make this whole process easier, since we have several hundred clients spread over multiple sites in multiple cities with various odd domain names involved.
I created spacewalk proxy servers for each of the cities that are remote from the master. These scripts help automate placing tools on the "pub" site and its subtrees for each spacewalk/proxy server and, at registration time, help pick the correct proxy/master for the client.
If you decide to use any of what I'm including here you'll need to carefully work through the parts that relate the domain name to spacewalk / proxy server. I tried to confine most of that logic to a very small segment of the scripts so it won't take searching all over the script for those pieces. You'll also want to pay attention to the activation key naming convention I used and replace that with your own.
Also mentioned in this script is a piece that I came up with that gets injected into VMware clients for dealing with forcing a reconfig of the vmware tools on boot after a kernel update. This may not be needed with future versions of the vmware tools, but most of the servers I'm dealing with still need this. If you're interested in having a copy of that script let me know.
On the spacewalk master I use reposync/createrepo to build replicas of the minimum components necessary to hook up spacewalk clients and push out copies of those to the /var/www/html/pub.... trees of the proxy servers. The particular content that I pull with reposync is limited by the conf file:
/etc/reposync.conf
# Repository definitions for reposync. Each includepkgs list limits that mirror
# to the named packages. Every section below sets gpgcheck=1.
# NOTE(review): every baseurl/mirrorlist is http://, so the signature check is
# the only integrity control on the mirrored packages. The epel,
# spacewalk-client and puppetlabs sections also give gpgkey as an http:// URL,
# which means the key itself arrives over an unauthenticated channel; consider
# a local file:// key whose fingerprint was checked out of band, as the
# rpmforge sections already use.
# NOTE(review): "perlAlgorithm-Diff" in both epel includepkgs lists looks like a
# typo of perl-Algorithm-Diff, which is already listed - confirm.
[epel-6]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch
failovermethod=priority
gpgkey=http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL
gpgcheck=1
enabled=1
includepkgs=bea-stax* cobbler editarea gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon \
jfreechart libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI \
perl-BerkeleyDB perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton \
perl-Convert-BinHex perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword \
perl-DateTime perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error \
perl-FreezeThaw perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract \
perl-IO-Capture perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite \
perl-MIME-tools perl-Net-IPv4Addr perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon \
perl-SOAP-Lite perl-TermReadKey perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version \
perlAlgorithm-Diff python-cheetah python-dmidecode python-ethtool python-hashlib python-hwdata python-netaddr PyYAML \
python-simplejson rhino tzdata-java udns*
# The signing key for this section is read from a local file, not the network.
[rpmforge-6]
name = RPMforge for Enterprise Linux 6 - $basearch
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \
perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo
# No includepkgs and no enabled= line here; the signing key is an http:// URL.
[spacewalk-client-6]
name = Spacewalk Client for Enterprise Linux 6 - $basearch
baseurl = http://spacewalk.redhat.com/yum/1.7-client/RHEL/6/$basearch/
gpgkey = http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2012
gpgcheck=1
# The EL5 sections repeat the EL6 ones with the release number changed.
[epel-5]
name=Extra Packages for Enterprise Linux 5 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
gpgkey=http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL
gpgcheck=1
enabled=1
includepkgs=bea-stax* cobbler editarea gc gc-devel git* jabberd jabberpy* jakarta-commons-cli jcommon \
jfreechart libapreq2 libgsasl* libntlm* libyaml perl-Algorithm-Diff perl-Apache-DBI \
perl-BerkeleyDB perl-Cache-Cache perl-Class-MethodMaker perl-Class-Singleton \
perl-Convert-BinHex perl-Config-IniFiles perl-Crypt-DES perl-Crypt-GeneratePassword \
perl-DateTime perl-DateTime-Format-Mail perl-DateTime-Format-W3CDTF perl-Error \
perl-FreezeThaw perl-Frontier-RPC perl-GD perl-Git perl-Math-FFT perl-HTML-TableExtract \
perl-IO-Capture perl-IO-stringy perl-IPC-ShareLite perl-libapreq2 perl-MIME-Lite \
perl-MIME-tools perl-Net-IPv4Addr perl-Net-SNMP perl-Params-Validate perl-Proc-Daemon \
perl-SOAP-Lite perl-TermReadKey perl-Text-Diff perl-Unix-Syslog perl-XML-RSS perl-version \
perlAlgorithm-Diff python-cheetah python-dmidecode python-ethtool python-hashlib python-hwdata python-netaddr PyYAML \
python-simplejson rhino tzdata-java udns*
[rpmforge-5]
name = RPMforge for Enterprise Linux 5 - $basearch
baseurl = http://apt.sw.be/redhat/el5/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
includepkgs=amavisd-new arc cabextract clamav* clamd freeze lha lzop nomarch perl-Archive-Zip perl-Convert-TNEF \
perl-Convert-UUlib perl-MailTools perl-Net-Server ripole unarj zoo
[spacewalk-client-5]
name = Spacewalk Client for Enterprise Linux 5 - $basearch
baseurl = http://spacewalk.redhat.com/yum/1.7-client/RHEL/5/$basearch/
gpgkey = http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2012
gpgcheck=1
#
# Puppetlabs
#
# These four sections use $releasever in baseurl instead of a fixed release
# number, and all name the same http:// signing key. Only puppetlabs-devel is
# disabled (enabled=0).
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/el/$releasever/products/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive
[puppetlabs-dependencies]
name=Puppet Labs Dependencies
baseurl=http://yum.puppetlabs.com/el/$releasever/dependencies/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive
[puppetlabs-extras]
name=Puppet Labs Extras
baseurl=http://yum.puppetlabs.com/el/$releasever/extras/$basearch
enabled=1
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive
[puppetlabs-devel]
name=Puppet Labs Development
baseurl=http://yum.puppetlabs.com/el/$releasever/devel/$basearch
enabled=0
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-reductive
---------------------------------------------------
Please find attached a copy of the client registration script that I use. I usually use another smaller script as a front end to this one that I invoke from a centralized server that has administrative access rights for ssh to most of the servers in the environment.
Also here is the script that manages the repo pulls and builds:
/usr/local/bin/spacewalk-daily
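#! /bin/bash -xv
# spacewalk-daily: mirror the client-side repositories with reposync, rebuild
# their metadata with createrepo, then rsync each tree to the proxy servers.
# $_ must be read before any other command runs, so this stays first.
export MY_NAME=$_

# Stop if the pub tree is missing; otherwise wget would drop the RPM into
# whatever directory the job happened to start in.
cd /var/www/html/pub/spacewalk-client || exit 1

# NOTE(review): this RPM is fetched over plain HTTP and then served to clients
# as-is; nothing here checks its signature or digest. Verify it (for example
# with `rpm -K`, or against a digest obtained out of band) before publishing.
if [ ! -e spacewalk-client-tools-0.0-1.noarch.rpm ]; then
  wget http://stahnma.fedorapeople.org/spacewalk-tools/spacewalk-client-tools-0.0-1.noarch.rpm
fi

for distro in spacewalk-client epel rpmforge puppetlabs; do
  for arch in x86_64 i386; do
    for rel in 6 5; do
      export releasever=$rel
      export TARGET_DIR=/var/www/html/pub/$distro/$rel/$arch
      echo "$MY_NAME" "$(date)" building local repo "${TARGET_DIR}"
      mkdir -p "${TARGET_DIR}" || exit 1

      # -g makes reposync drop packages that fail the GPG check, so the
      # gpgcheck/gpgkey settings in the conf file are what protect this mirror.
      # NOTE(review): the post describes /etc/reposync.conf but this reads
      # /etc/reposyncb.conf - confirm which file is meant.
      # NOTE(review): the conf shown in the post has [puppetlabs] sections but
      # no puppetlabs-6 / puppetlabs-5 repo id - confirm this --repoid matches.
      /usr/bin/reposync --arch="$arch" --repoid="${distro}-$rel" -c /etc/reposyncb.conf -p "${TARGET_DIR}" -d -l -g -n -q > /dev/null
      cd "${TARGET_DIR}" || exit 1

      case "${distro}" in
        epel)
          # Copy every matching python-ethtool build. The old single
          # `[ -e $glob ]` test broke as soon as the glob matched two files.
          for eth_file in /var/www/mrepo/rhel-server-"$rel"-"$arch"/RPMS.updates/python-ethtool*.rpm; do
            [ -e "${eth_file}" ] && cp -- "${eth_file}" "${TARGET_DIR}"
          done
          ;;
        *)
          ;;
      esac

      # Pick the createrepo checksum type per release.
      case "${rel}" in
        5) echo "Using sha1"
           repo_sha=(-s sha1) ;;
        6) echo "Using sha256"
           repo_sha=(-s sha256) ;;
        *) echo "No algorithm specified"
           repo_sha=() ;;
      esac
      createrepo -v "${repo_sha[@]}" "${TARGET_DIR}" > /dev/null
    done
  done

  for proxy in city1 city2 city3 city4 city5; do
    # NOTE(review): ${site} is never assigned in this script, so unless it is
    # inherited from the environment the default arm always wins - confirm
    # whether ${proxy} was meant here.
    case "${site}" in
      dom1*|dom2*|dom3*)
        export SPACEWALK_DOMAIN=company1.com ;;
      *)
        export SPACEWALK_DOMAIN=corp.company.com ;;
    esac
    rsync -avz "/var/www/html/pub/$distro" "spacewalk-${proxy}.${SPACEWALK_DOMAIN}:/var/www/html/pub"
  done
done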
Robert Boyd
Sr System Engineer | Peoplefluent
p. 919-645-2972 | c. 919-306-4681
e. Robert.Boyd at peoplefluent.com
Visit: www.peoplefluent.com | Read: Peoplefluent Blog
Follow: @peoplefluent | Download: iPad App
------------------------------------
Subject: spacewalk-client-register
#! /bin/bash
#! -xv
# Script to register a new client to Spacewalk
# $1 = section to execute: can be repo | certificates | register | re-register | vmware | [all]
# $2 = override site name
#
# Author: Robert Boyd
# Date: Fall 2012
# Spacewalk V1.7
#
# Keep the invocation path in three forms: exactly as typed (used to re-run
# the script for "help"), without a leading "./", and as a bare file name
# (used as the log prefix).
WHO_AM_I_EXACTLY=$0
WHO_AM_I=${0##./}
MY_NAME=${WHO_AM_I##*/}
export WHO_AM_I_EXACTLY WHO_AM_I MY_NAME
log_message ()
{
  # Print one log line: current date, script name (MY_NAME), then the
  # message words joined by single spaces.
  local stamp
  stamp=$(date)
  echo "${stamp} ${MY_NAME} $*"
}
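# Domain part of this host's name; its first label is the default site.
host_dom=$(hostname -d)
export host_dom
#echo "host domain: ${host_dom}"
# The archived copy had this `fi` and the next `if` fused onto one line, which
# bash rejects; they are two separate statements.
if [ -n "$1" ]; then export REG_request=$1; fi
if [ "$REG_request" != "help" ]; then
  # ${REG_request:=all} both prints the value and assigns the default "all".
  log_message "requesting ${REG_request:=all}"
  export REG_request
  export my_site=${host_dom%%.*}
  if [ -n "$2" ]; then export site=$2; fi
  # Same idiom: site falls back to the first label of the host's domain.
  log_message "Site: ${site:=$my_site}"
fi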
#
# Fix up the repo addresses to point to the right server # replace_url () { # replace_url: function to replace original URL strings with new ones for internal repos for spacewalk-client, EPEL and rpmforge # args: $1=original; $2=replacement; $3=filename(s) # /usr/bin/perl -p -i.bak -e "s|$1|$2|g" $3 }
replace_first_occurrence ()
{
# replace_url: function to enable/disable only the 1st repository reference in a file # args: $1=filename(s)
# $2=REPO ENABLE/DISABLE Switch
#
FN=${1##./}
RF=${FN##*/}
RN=${RF%%.*}
echo RN=$RN
REPOSWITCH=$2
if [ "$2" = "" ]; then REPOSWITCH=1 ; fi echo REPOSWITCH=$REPOSWITCH /usr/bin/perl -sp -i.bak -e '!$y and /\[${RN}/ and !/\[${RN}-/ && print ; !$x and s/(enabled?)\s*=\s*[01]+/${1}=${REPOSWITCH}/ and $x++ ; $y++' -- -RN=$RN -REPOSWITCH=$REPOSWITCH $1 }
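import_repos ()
{
  # Point this client's yum configuration at the in-house mirrors, install the
  # repo-release packages and the RHN client tools, then switch the temporary
  # repos off again.
  # Globals read: BASEARCH, RELEASE_NO, RELEASE_STR, REL_NO, EPEL_REL,
  #               SPACEWALK_SERVER
  # Exits 1 when REL_NO is not 4, 5 or 6.
  #
  # NOTE(review): every rpm -Uvh / -ivh below installs a package fetched over
  # plain http://, and in the "all" sequence this function runs before
  # install_certs imports any signing key. As far as this script shows, nothing
  # authenticates those packages; consider importing the keys first and
  # checking each download (for example with `rpm -K`) before installing it.
  local REPO_FILE repo_name yumsite yumarch NEXT_FILE FIX_ARCH FIX_REL

  log_message "Base Architecture: ${BASEARCH}, Release No: ${RELEASE_NO}"
  log_message "EPEL ${REL_NO} selected for ${BASEARCH} epel-release $EPEL_REL }"
  yum clean all
  chattr -i /etc/yum.repos.d/*.repo
  # Glob instead of parsing `ls`; the -e test covers the no-match case.
  for REPO_FILE in /etc/yum.repos.d/*.repo; do
    [ -e "${REPO_FILE}" ] || continue
    # Match on the bare repo name. The previous ${REPO_FILE##.*} left the full
    # path in place, so no named arm could match and every repo was disabled.
    repo_name=${REPO_FILE##*/}
    repo_name=${repo_name%.repo}
    case "${repo_name}" in
      rhel5)
        replace_url "https:/*.company3.com/mrepo/rhel${REL_NO}-server-${BASEARCH}/RPMS.os/" "https://${SPACEWALK_SERVER}/mrepo/rhel-server-${REL_NO}-${BASEARCH}/" "${REPO_FILE}"
        ;;
      spacewalk-client|epel|rpmforge|reposync|mcafee|company3|hp)
        # Do nothing for now
        echo "Leaving Repo ${REPO_FILE##*/} as is"
        ;;
      *)
        echo "Disabling Repo ${REPO_FILE##*/}"
        replace_url "enabled=1" "enabled=0" "${REPO_FILE}"
        replace_url "enabled = 1" "enabled = 0" "${REPO_FILE}"
        ;;
    esac
  done
  #
  # remove old site specific yum configs built for use with mrepo and other
  # previous implementations. You may not need something like this.
  #
  for yumsite in site8 site0 site1 site3 site6 site9 site7; do
    for yumarch in 32 64; do
      if rpm -q "company3-yumconf-${yumsite}${yumarch}" > /dev/null; then
        yum remove "company3-yumconf-${yumsite}${yumarch}"
      fi
    done
    if rpm -q "company3-yumconf-${yumsite}" > /dev/null; then
      yum remove "company3-yumconf-${yumsite}"
    fi
  done

  case ${REL_NO} in
    5|6)
      log_message "Linking to spacewalk-client, EPEL and rpmforge(repoforge) repositories"
      # For CentOS/RHEL 5 & 6:
      # Install link to the nearest spacewalk yum repository (release dependent, architecture independent)
      # original repository:
      # rpm -Uvh http://spacewalk.redhat.com/yum/1.7/RHEL/${REL_NO}/i386/spacewalk-client-repo-1.7-5.el${REL_NO}.noarch.rpm
      # inhouse repository:
      rpm -Uvh "http://${SPACEWALK_SERVER}/pub/spacewalk-client/spacewalk-client-repo-1.7-5.el${REL_NO}.noarch.rpm"
      # install link to nearest EPEL yum repository ( release dependent, architecture independent)
      # original repository:
      # rpm -Uvh http://dl.fedoraproject.org/pub/epel/${REL_NO}/$BASEARCH/epel-release-${EPEL_REL}.noarch.rpm
      # inhouse repository:
      rpm -Uvh "http://${SPACEWALK_SERVER}/pub/epel/epel-release-${EPEL_REL}.noarch.rpm"
      # RPMFORGE/REPOFORGE
      rpm -Uvh "http://${SPACEWALK_SERVER}/pub/rpmforge/rpmforge-release-0.5.2-2.el${REL_NO}.rf.${BASEARCH}.rpm"
      # Update all of the yum repo configuration files to point to our internal mirror(s) of these 3 repositories because of firewalls
      # spacewalk-client fixups
      for NEXT_FILE in /etc/yum.repos.d/spacewalk-client.repo /etc/reposync.conf; do
        if [ -e "${NEXT_FILE}" ]; then
          log_message "Updating remote server info for spacewalk-client in file ${NEXT_FILE}"
          replace_url "spacewalk.*.corp.company3.com" "${SPACEWALK_SERVER}" "${NEXT_FILE}"
          replace_url "spacewalk.redhat.com" "${SPACEWALK_SERVER}" "${NEXT_FILE}"
          replace_url "yum/RPM-GPG-KEY-spacewalk-2012" "pub/spacewalk-client/RPM-GPG-KEY-spacewalk-2012" "${NEXT_FILE}"
          replace_url "yum/1.7-client/RHEL/" "pub/spacewalk-client/" "${NEXT_FILE}"
          replace_first_occurrence "${NEXT_FILE}" 1
        fi
      done
      # epel fixups
      for NEXT_FILE in /etc/yum.repos.d/epel.repo /etc/reposync.conf; do
        if [ -e "${NEXT_FILE}" ]; then
          replace_url "#baseurl=http://download.fedoraproject.org/" "baseurl=http://${SPACEWALK_SERVER}/" "${NEXT_FILE}"
          replace_url "baseurl=http://download.fedora.redhat.com/" "baseurl=http://${SPACEWALK_SERVER}/" "${NEXT_FILE}"
          replace_url "http://download.fedora.redhat.com/" "http://${SPACEWALK_SERVER}/" "${NEXT_FILE}"
          replace_first_occurrence "${NEXT_FILE}" 1
        fi
      done
      # rpmforge fixups
      for NEXT_FILE in /etc/yum.repos.d/rpmforge.repo /etc/reposync.conf; do
        log_message "Updating baseurl for file ${NEXT_FILE}"
        if [ -e "${NEXT_FILE}" ]; then
          # NOTE(review): the first pass (FIX_REL=5) rewrites every matching
          # baseurl, so later passes find nothing left to change and FIX_ARCH
          # is never used - confirm /pub/rpmforge/5/ is right for EL6 clients.
          for FIX_ARCH in i386 x86_64; do
            for FIX_REL in 5 6; do
              replace_url "apt.sw.be/.*/rpmforge\$" "${SPACEWALK_SERVER}/pub/rpmforge/${FIX_REL}/\\\$basearch" "${NEXT_FILE}"
              replace_url "^mirrorlist\b" "#mirrorlist" "${NEXT_FILE}"
              replace_first_occurrence "${NEXT_FILE}" 1
            done
          done
        fi
      done
      # Install the Red Hat Network client utilities with yum
      yum install -y rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
      #
      yum clean all
      yum --verbose repolist
      # Disable the temporary repos
      for NEXT_FILE in /etc/yum.repos.d/spacewalk-client.repo /etc/yum.repos.d/epel.repo /etc/yum.repos.d/rpmforge.repo; do
        replace_first_occurrence "${NEXT_FILE}" 0
      done
      ;;
    4)
      log_message "Linking to spacewalk-client repository"
      # For CentOS/RHEL 4:
      # rpm -ivh http://stahnma.fedorapeople.org/spacewalk-tools/spacewalk-client-tools-0.0-1.noarch.rpm
      rpm --import /usr/share/rhn/RPM-GPG-KEY
      rpm -ivh "http://${SPACEWALK_SERVER}/pub/spacewalk-client/spacewalk-client-tools-0.0-1.noarch.rpm"
      replace_url "spacewalk.redhat.com" "${SPACEWALK_SERVER}" /etc/yum.repos.d/spacewalk-client-tools.repo
      # yum install up2date
      up2date up2date
      ;;
    *)
      # we don't know what to do for this version
      log_message "This script does not handle Linux Release ${RELEASE_STR}-${BASEARCH}"
      echo "Exiting"
      exit 1
      ;;
  esac
}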
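install_certs ()
{
  # Download and install the organisation's SSL CA certificate package and the
  # GPG keys, then point up2date at this Spacewalk server.
  # Globals read: SPACEWALK_SERVER
  # Returns: 1 if the scratch directory or a download fails; otherwise the
  #          status of the last replace_url call.
  #
  # Downloads go to a private mktemp directory. The previous version did
  # `cd /tmp` and used fixed file names there: if a file with that name already
  # exists, wget saves under another name (name.1) and rpm then imports or
  # installs the file that was already in /tmp, which any local user can plant.
  #
  # NOTE(review): the CA certificate package and both keys are the trust
  # anchors for everything that follows, yet they are fetched over http://.
  # Compare them with fingerprints obtained out of band
  # (<EXPECTED_FINGERPRINT>) before importing.
  local workdir
  workdir=$(mktemp -d) || return 1
  #
  # Register certificates that we need
  #
  log_message "Registering SSL and GPG certificates"
  if ! wget -P "${workdir}" "http://${SPACEWALK_SERVER}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm" \
    || ! wget -P "${workdir}" "http://${SPACEWALK_SERVER}/pub/RPM-GPG-KEY-redhat-release"; then
    log_message "download of certificate package or GPG key from ${SPACEWALK_SERVER} failed"
    rm -rf -- "${workdir:?}"
    return 1
  fi
  rpm -v --import "http://${SPACEWALK_SERVER}/pub/spacewalk-client/RPM-GPG-KEY-spacewalk-2012"
  rpm -v --import "${workdir}/RPM-GPG-KEY-redhat-release"
  rpm -ivh "${workdir}/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm"
  rm -rf -- "${workdir:?}"
  #
  # Fix up up2date to use SSL Certificate
  #
  replace_url RHNS-CA-CERT RHN-ORG-TRUSTED-SSL-CERT /etc/sysconfig/rhn/up2date
  replace_url "xmlrpc.rhn.redhat.com" "${SPACEWALK_SERVER}" /etc/sysconfig/rhn/up2date
}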
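register_me ()
{
  # Register this host with the selected Spacewalk server/proxy.
  # args: $1 = any non-empty value adds --force (re-registration)
  # Globals read: SPACEWALK_SERVER, REL_NO, BASEARCH
  # Returns: the exit status of rhnreg_ks.
  #
  # The arguments are built locally. The previous version expanded a global
  # FORCE that it only set when $1 was given, so a FORCE value inherited from
  # the caller's environment was passed straight to rhnreg_ks.
  #
  # NOTE(review): serverUrl is http://, so the activation key and the
  # registration exchange travel unencrypted even though install_certs installs
  # the organisation CA certificate. Consider https:// together with rhnreg_ks
  # --sslCACert once that certificate is in place. The activation key is also
  # visible in the process list while rhnreg_ks runs.
  local -a reg_args
  reg_args=(
    "--serverUrl=http://${SPACEWALK_SERVER}/XMLRPC"
    "--activationkey=2-PF-spacewalk-RHEL${REL_NO}-${BASEARCH}"
  )
  if [ -n "$1" ]; then reg_args+=(--force); fi
  #
  # Finally ... what we've all been waiting for -- register this server as a client!
  #
  log_message "Registering client $(hostname) to Spacewalk via nearest Proxy/Server"
  log_message "Registering $(hostname) as a client of ${SPACEWALK_SERVER} for updates & patches."
  echo "Please be patient -- this may take a little while."
  rhnreg_ks "${reg_args[@]}"
}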
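vmware_auto_update ()
{
  #
  # Add vmware-config-tools auto update for systems with VMware Tools installed
  #
  # Globals read: SPACEWALK_SERVER
  # Returns: non-zero if the scratch file or the download fails; otherwise the
  #          exit status of the downloaded script.
  #
  # The script is saved to a private temp file and run only after wget reports
  # success. Piping wget straight into bash executes whatever arrived, even a
  # partial download.
  #
  # NOTE(review): the script is fetched over http:// and run as the invoking
  # user (normally root) with no integrity check. Compare it with a digest
  # obtained out of band (<EXPECTED_SHA256>) or ship it in a signed package.
  local fixup rc
  if [ -e /usr/bin/vmware-config-tools.pl ]; then
    log_message "configuring auto configure on boot with new kernel for VMware Tools"
    fixup=$(mktemp) || return 1
    if wget -qO "${fixup}" "http://${SPACEWALK_SERVER}/pub/auto-fixup-vmware.sh"; then
      # Feed the script on stdin, as the original pipeline did.
      /bin/bash < "${fixup}"
      rc=$?
    else
      rc=$?
      log_message "download of auto-fixup-vmware.sh failed; nothing was run"
    fi
    rm -f -- "${fixup}"
    return "${rc}"
  else
    # NOTE(review): this branch runs when vmware-config-tools.pl is absent,
    # which reads more like "VMware Tools not installed" - confirm the wording.
    log_message "auto configure for VMware Tools already configured"
  fi
}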
configure ()
{
  # Choose the Spacewalk server/proxy for this site, then detect the
  # architecture and release of the running system.
  # Globals read: site
  # Globals set:  SPACEWALK_DOMAIN, SPACEWALK_SERVER, BASEARCH, RELEASE_STR,
  #               RELEASE_NO, REL_NO, EPEL_REL (SITE_PART on bash < 4)
  # Exits 1 when the kernel release string is not an EL4/5/6 one.

  # Site -> DNS domain of its server.
  case "${site}" in
    site7|site4|company2) export SPACEWALK_DOMAIN=site4.company2.com ;;
    wal|msp|labs)         export SPACEWALK_DOMAIN=company.com ;;
    *)                    export SPACEWALK_DOMAIN=corp.company3.com ;;
  esac

  # Site -> host name suffix. bash 4+ uses a lookup table, older bash a case.
  # NOTE(review): the table has no 'wal' or 'labs' entry while the fallback
  # maps both to -city4, and only the table branch exports SPACEWALK_SERVER -
  # confirm which is intended.
  if (( BASH_VERSINFO[0] >= 4 )); then
    declare -A SPACEWALK_SERVERS
    #
    # corp defaults to null string
    #
    SPACEWALK_SERVERS=(
      ['corp']=
      ['site6']=-city1
      ['site3']=-city3
      ['site9']=-city4
      ['site10']=-city4
      ['msp']=-city4
      ['site1']=-city0
      ['site0']=
      ['site7']=-city2
      ['site4']=-city2
      ['company2']=-city2
    )
    export SPACEWALK_SERVER=spacewalk${SPACEWALK_SERVERS[$site]}.${SPACEWALK_DOMAIN}
    # log_message "Spacewalk Server: $SPACEWALK_SERVER"
  else
    case "${site}" in
      site3)                export SITE_PART=-city3 ;;
      site7|site4|company2) export SITE_PART=-city2 ;;
      site6)                export SITE_PART=-city1 ;;
      wal|labs|msp)         export SITE_PART=-city4 ;;
      site1)                export SITE_PART=-city0 ;;
      corp|site0|*)         export SITE_PART= ;;
    esac
    # log_message "Site selection string: $SITE_PART"
    SPACEWALK_SERVER=spacewalk${SITE_PART}.${SPACEWALK_DOMAIN}
  fi
  log_message "Nearest Spacewalk Server/Proxy: ${SPACEWALK_SERVER}"

  # Determine what architecture and release number we are running
  BASEARCH=$(uname -i)
  export BASEARCH
  RELEASE_STR=$(uname -r)
  export RELEASE_STR
  # expr prints the tag it finds in the kernel release, with the one character
  # in front of it (".el6" style, or ".EL").
  RELEASE_NO=$(expr match "${RELEASE_STR}" '.*\(\(.el\|.es\|.as\)[0-9]\|.EL\)')
  export RELEASE_NO
  RELEASE_NO=${RELEASE_NO:1}      # drop that leading character
  export REL_NO=${RELEASE_NO:2}   # what follows the two-letter tag

  # determine which EPEL yum repository to use ( release dependent, architecture independent)
  case ${RELEASE_NO} in
    EL|el4|es4|as4)
      REL_NO=4
      export EPEL_REL="0.0-1"
      ;;
    el5)
      export EPEL_REL="5-4"
      ;;
    el6)
      export EPEL_REL="6-7"
      ;;
    *)
      echo "This script does not handle Linux Release ${RELEASE_NO}-${BASEARCH}"
      echo "Exiting"
      exit 1
      ;;
  esac
}
# end of configure
# Dispatch on the requested section. "help" only prints the usage line; every
# other request runs configure first, including one that turns out invalid.
if [ "${REG_request}" = "help" ]; then
  echo "Usage: ${WHO_AM_I} { repo | certificates | register | re-register | vmware | [all] } [site]"
  rc=$?
else
  configure
  log_message "Requesting $REG_request for spacewalk client $(hostname)"
  case "${REG_request}" in
    repo)
      echo "Set up repositories and links"
      import_repos
      rc=$?
      ;;
    cert*)
      install_certs
      rc=$?
      ;;
    reg*)
      register_me
      rc=$?
      ;;
    re-reg*)
      install_certs
      register_me T
      rc=$?
      ;;
    vmware*)
      vmware_auto_update
      rc=$?
      ;;
    all)
      # NOTE(review): the steps run unconditionally and rc holds only the last
      # step's status, so registration is attempted even when the repository
      # or certificate step failed.
      import_repos
      install_certs
      register_me
      vmware_auto_update
      rc=$?
      ;;
    *)
      # ("help" cannot reach this case; it is handled above.)
      echo "Invalid option ${REG_request}"
      ${WHO_AM_I_EXACTLY} help
      exit 2
      ;;
  esac
fi
exit $rc