[Spacewalk-list] Management of baselines

Matthew Madey mattmadey at gmail.com
Thu Nov 20 19:28:27 UTC 2014 

CentOS does not include errata lists in their repositories. You'll have to
use something like Steve Meier's errata-import script, which you can find
here:

http://cefs.steve-meier.de/


Download his script, the errata.latest.xml and com.redhat.rhsa-all.xml
files. Once you have that, you can automate Errata imports. Here's an
example of a script I run in crontab nightly to sync all of my baseline
channels, then import the Errata. I use a strict naming convention in my
channels, so all of my baseline channels have the word "base" in them. I
use this as a keyword to grep out the baseline channels from the spacecmd
softwarechannel_list output. This way I don't need to run a Spacewalk repo
sync against each one individually.

Also, if you haven't already, create your repositories and assign them to
their respective channels in Spacewalk. This will eliminate the need to
ever specify a URL in your spacewalk-repo-sync commands.


#!/bin/bash

## Synchronize Spacewalk Baseline Channels\Repositories

SPACEWALK_USER='**********'
SPACEWALK_PASS='**************'
LOG="/var/log/rhn/sync_channels.log"
LOGDIR="/var/log/rhn/reposync"
BASEDIR="/root/scripts/spacewalk/automation"
SPW_SERVER="spacewalk.home.local"

export SPACEWALK_USER
export SPACEWALK_PASS
export SPW_SERVER

## Sync each Baseline channel

echo
"----------------------------------------------------------------------------------------------"
>> $LOG
echo `date` >> $LOG
echo "Beginning channel sync..." >> $LOG
echo >> $LOG
for CHANNEL in `spacecmd -q softwarechannel_list -u $SPACEWALK_USER -p
$SPACEWALK_PASS | grep base`;
do
        echo "Starting repo sync on $CHANNEL" >> $LOG
        echo >> $LOG
        /usr/bin/spacewalk-repo-sync --channel $CHANNEL
done
echo
"----------------------------------------------------------------------------------------------"
>> $LOG


## Import CentOS Errata

echo "Retrieving latest Errata for CentOS..." >> $LOG
echo >> $LOG
wget -q -N -O $BASEDIR/errata.latest.xml
http://cefs.steve-meier.de/errata.latest.xml
wget -q -N -O $BASEDIR/com.redhat.rhsa-all.xml
http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml

echo "Importing Errata" >> $LOG
echo >> $LOG

/usr/bin/perl $BASEDIR/errata-import.pl --server $SPW_SERVER --rhsa-oval
com.redhat.rhsa-all.xml --errata errata.latest.xml --include-channels
centos-x86_64-server-6-base --publish >> $LOG &&

/usr/bin/perl $BASEDIR/errata-import.pl --server $SPW_SERVER --rhsa-oval
com.redhat.rhsa-all.xml --errata errata.latest.xml --include-channels
centos-x86_64-server-6-base-updates --publish >> $LOG

echo >> $LOG
echo "Done! `date`" >> $LOG
echo
"----------------------------------------------------------------------------------------------"
>> $LOG




















On Thu, Nov 20, 2014 at 11:33 AM, Szabo, Marc <Marc.Szabo at priceline.com>
wrote:

>  Matt,
>
>
>
> This is the command I issue from my Spacewalk Server:
>
>
>
> [root at nw-spcwlk-201 ~]# *spacewalk-repo-sync --channel centos5-i386 --url
> http://mirror.centos.org/centos/5/os/i386/
> <http://mirror.centos.org/centos/5/os/i386/> --type yum*
>
>
>
> When the process completes, I only have the packages (2791) but 0 Erratas.
>
>
>
> So are you saying that if I just include a “-z” option to the above
> command it would pull down the errata as well?
>
>
>
> Thanks.
>
> Marc.
>
>
>
> *From:* spacewalk-list-bounces at redhat.com [mailto:
> spacewalk-list-bounces at redhat.com] *On Behalf Of *Matt Micene
> *Sent:* Thursday, November 20, 2014 12:02 PM
>
> *To:* spacewalk-list at redhat.com
> *Subject:* Re: [Spacewalk-list] Management of baselines
>
>
>
> Marc,
>
>
>
> Errata should be cloned as part of the spacewalk-clone-by-date process
> based on the date provided by ‘-d’.  The logic uses that to find the issue
> date of the errata, so if you are missing errata you may want to try the
> ‘-z’ option which expands the date criteria for finding relevant errata.
>
>
>
> What issues are you having with errata sync?
>
>
>
> Cheers,
>
> Matt
>
>
>
> Matt Micene
>
> Solution Architect
>
> RHCA# 100-002-435
>
> Direct 703-773-1195
>
>
>
> *From:* spacewalk-list-bounces at redhat.com [
> mailto:spacewalk-list-bounces at redhat.com
> <spacewalk-list-bounces at redhat.com>] *On Behalf Of *Szabo, Marc
> *Sent:* Thursday, November 20, 2014 11:17 AM
> *To:* spacewalk-list at redhat.com
> *Subject:* Re: [Spacewalk-list] Management of baselines
>
>
>
> Hi Matthew,
>
>
>
> This is great information… this is exactly what I’m trying to do.
> However, I’m having trouble sync’ing the Errata data.  How are you sync’ing
> the errata, if you don’t mind me asking.
>
>
>
> Thank you in advance for your help.
>
>
>
> Marc.
>
>
>
> *From:* spacewalk-list-bounces at redhat.com [
> mailto:spacewalk-list-bounces at redhat.com
> <spacewalk-list-bounces at redhat.com>] *On Behalf Of *Matthew Madey
> *Sent:* Thursday, November 20, 2014 10:53 AM
> *To:* spacewalk-list at redhat.com
> *Subject:* Re: [Spacewalk-list] Management of baselines
>
>
>
> This can easily be done, and I do something similar, but sync all Errata's
> on a monthly basis on patch tuesday.
>
>
>
> Create your baseline channel that is fully up to date. Sync this baseline
> channel nightly, so it's always current, but don't keep any systems
> subscribed to it. Clone that channel, and use the clone channel for
> patching systems. If you want to add a single Errata to the cloned channel,
> you simply go to Channels-->Manage Software Channels-->Your cloned
> channel-->Errata then click Add. You'll see your baseline channel as the
> source, and can pick and choose whatever Errata or packages you'd like to
> add into your clone channel.
>
>
>
> To refresh your clone channel on a monthly or quarterly basis, the easiest
> way to do this is setup a channel mapping configuration file, and use
> spacewalk-clone-by-date. Then you source your config file to that command
> like such:
>
>
>
> spacewalk-clone-by-date
> --config=/etc/rhn/channel-maps/datacenter-channels-rhel6.conf -d 2014-10-14
>
>
>
>
>
> The below document explains in detail how to setup this kind of
> configuration.
>
> https://access.redhat.com/node/469173/40/0
>
>
>
> On Thu, Nov 20, 2014 at 9:15 AM, Nicolas Michel <
> be.nicolas.michel at gmail.com> wrote:
>
> Hello guys,
>
> I would want to create a baseline for my channels (a snapshot). And
> regularly push in that baseline either choosen packages in function of
> errata, or a full sync of the upstream channel. Here is a use case to
> illustrate what I'm saying: say that I have my baseline which is a
> snapshot of 1 month ago. We just discovered a critical security bug in
> a package (like Shellshock) so I have to patch all my servers with
> that particular set of packages (errata). I would want to push into my
> baseline only that set of packages defined by the errata. How can I do
> this?
> The other use case: every 3 months, I have to patch all my servers
> with all available patches. So I want to re-synchronize my baseline
> from upstream (create a new snapshot).
>
> Currently, here is what I have and how I expected to do (but I'm not
> sure it's the right way):
> - I have in spacewalk a channel which is synchronized daily to the
> upstream repository
> - I created a clone of that channel. So I have my snapshot.
> - Now I don't know how I can push in it selected erratas from my
> original channel.
> - I don't know either how to resynchronize the entire original channel.
>
> Thanks in advance,
>
> --
> Nicolas MICHEL
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20141120/bfb25b6f/attachment.htm>

More information about the Spacewalk-list mailing list