[Spacewalk-list] Kickstart and Config management
William H. ten Bensel
WHTENBEN at up.com
Thu Mar 31 02:07:22 UTC 2016
So, Step 4 part 2 is good. Which means that the activation key is setup
correctly. I am uncertain of the logging as we no longer use or depend on
the activation key deploying files during the kickstart process.
Also, some explanation on the "hack". These are all historical issues for
our needs. They may have been fixed in newer spacewalk releases, we just
have not adopted them.
1. Timing.
The files from the Activation key/Configuration channels were not
always immediately available in the first %post script that the file/files
were needed. If we put a sleep 90, then the files would become available.
Determined that the "hack" was better suited for our needs vs the
sleep.
Note: RHEL/CentOS 4 (if anyone is still kickstarting/building),
have to re-run the hack twice. Sometimes rhncfg-client get fails to
actually get all of the files the first time.
2. Backups.
The activation key does not make backups (that we could find) of
the original files replaced. Honestly we did not spend much time looking
for them, so I may be mistaken in this comment.
rhncfg-client get backup location -> /var/lib/rhncfg/backups/
3. Migrating servers from one Satellite/Spacewalk to another
Satellite/Spacewalk (Migration of thousands of servers in < 30 days and
still having the Spacewalks and Satellites available for new server
builds)
Re-use of the standard activation key vs creating a "migration
one" to rhnreg_ks --force, when migrating
If the activation key on the new Spacewalk/Satellite has
Configuration File Deployment checked in the Activation key, it will
override ANY local file that was modified outside of the config channel.
We did not want this..
Determined that for our needs, it was better to have Configuration
File Deployment NOT checked, because we can use the "hack"
If any of the files in a configuration channel needs to be pushed,
you can use the UI or run a spacecmd script with rhncfg-client get file.
The config will be pushed the next time the server checks in with rhnsd
(rhn_check) or immediately if using osad.
Suggestion: Create a wrapper around this which sources in the
username/password/spacewalk server, so that it is not visible in bash
history.
spacecmd -s $myspacewalk -u $myuser -p $mypass -- system_runscript
$serverlist -u root -g root -t 7200 -f $myfile
file:
#!/bin/bash
rhncfg-client get file
- Thanks and good luck
From: Lachlan Musicman <datakid at gmail.com>
To: spacewalk-list at redhat.com
Date: 03/30/2016 07:49 PM
Subject: Re: [Spacewalk-list] Kickstart and Config management
Sent by: spacewalk-list-bounces at redhat.com
This email originated from outside of the company. Please use discretion
if opening attachments or clicking on links.
On 30 March 2016 at 22:48, William H. ten Bensel <WHTENBEN at up.com> wrote:
That is a "hack" work around. After the 1-3 steps below is done, add this
before and after the "hack" to add some validation in the %post script.
This should see/validate if the activation key is pushing the files as
expected while the server is being kickstarted/built.
date > /root/verify_configs.out
rhncfg-client verify >> /root/verify_configs.out
"hack"
date >> /root/verify_configs.out
rhncfg-client verify >> /root/verify_configs.out
Ok, this is what I got with current set up:
Thu Mar 31 11:05:08 AEDT 2016
Using server name emts-res-utils1
modified /etc/cntlm.conf
missing /etc/cron.d/15min
missing /etc/cron.quarter_hour/check_nfs_mounts.sh
missing /etc/munge/munge.key
missing /etc/profile.d/proxy.sh
missing /etc/samba/user
missing /etc/slurm/slurm.conf
missing /etc/slurm/slurmdbd.conf
Thu Mar 31 11:05:10 AEDT 2016
Using server name emts-res-utils1
/etc/cntlm.conf
/etc/cron.d/15min
/etc/cron.quarter_hour/check_nfs_mounts.sh
/etc/munge/munge.key
/etc/profile.d/proxy.sh
/etc/samba/user
/etc/slurm/slurm.conf
/etc/slurm/slurmdbd.conf
When I did the below exactly as you have it described, I got exactly the
same result - ie, for some reason, Spacewalk is not delivering the files
before I ratchet them in.
Note: The problem only exists when I do the first option in step 4, the
rebuild/re-kickstart. When I do the second option, it is successful -
which reflects that I can deploy manually after the server has installed
and first booted, not during the kickstart.
I can't see anything in the logs that would indicate where the Kickstart
process has attempted and failed to get the files. Would that error be
logged?
1. Now lets concentrate on resetting the activation key:
For each activation key that you want config files pushed when a system
activates/registers with this key:
Systems -> Activation Keys -> {activation key} -> details -> take note of
the key (ie: {org#}-{what you named it} or {some long number})
Systems -> Activation Keys -> {activation key} -> details -> uncheck
Configuration File Deployment.
Select: Update Activation key
then recheck Configuration File Deployment
Select: Update Activation key
Validate that the Config channels are part of this activation key.
Systems -> Activation Keys -> {activation key} -> Configuration
2. Now go to the kickstart:
Systems -> kickstarts -> profiles -> {profile name} -> Activation Keys ->
uncheck the key
Select: Update Activation keys
then recheck the key
Select: Update Activation keys
3. Validate that the kickstart has been updated:
Systems -> kickstarts -> profiles -> {profile name} -> Kickstart File
Verify AND take note of the Activation key(s) is there. You will use
those in re-registration.
ie: key=1-xxxxxxxxxxxxxxxxx,1-yourkey
4. Now you can do the following:
Re-kickstart / rebuild the server with the kickstart.
OR
add a test file to the configuration channel that is NOT on the server.
delete the server from the Spacewalk
force register from the server:
rhnreg_ks --force --serverUrl=https://spacewalk.server.domain/XMLRPC
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey="keys
from kickstart"
validate the file is on the server. (This will tell you if the activation
key is pushing the files as expected with the above configuration)
Remove test file from the configuration channel.
------
The most dangerous phrase in the language is, "We've always done it this
way."
- Grace Hopper
**
This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies.
**
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20160330/929f63e2/attachment.htm>
More information about the Spacewalk-list
mailing list