Novell Home

How to Mirror Open Enterprise Server Patches with ZENworks Linux Management 6.6.1

Novell Cool Solutions: Feature
By Aaron Gresko

Digg This - Slashdot This

Posted: 11 Jul 2005
 

Mirroring patches is a great way to save bandwidth and update multiple systems in a network. By default, all Open Enterprise Servers (OES) are patched from the Novell server update.novell.com. Each server goes out on the Internet and downloads the patch files.

By mirroring the patches, a single ZENworks Linux Management (ZLM) server downloads the files and the rest of the systems on the network retrieve the patches from the local ZLM server. An additional benefit to setting up a ZLM server to mirror OES patches is the ability to push patches onto a system from a central administrative interface.

Realizing the benefits of mirroring OES patches with ZLM requires the following:

Note on Environment: This article will demonstrate how to set up a ZLM server and get a mirrored OES patch channel running on it. Additionally, patching OES systems from the mirrored channel will be covered. The examples will use two systems---the first system will be a SLES9 server patched to Support Pack 1, and the second will be an OES server. The SLES9 system will run the ZLM server. The SLES9 server will have python and apache2 installed. The OES server will be patched from the SLES9 server.

Install ZENworks Linux Management 6.6.1

The first step is to get ZLM installed and running on the SLES9 box. The choice of SLES9 is arbitrary, as ZLM runs on multiple Linux distributions including OES.

To install ZENworks Linux Management 6.6.1, do the following:

Obtain ZENworks Linux Management 6.6.1 Software

ZENworks Linux Management is proprietary software that can be purchased from Novell. ZLM is the server product used to provide software to the Red Carpet and rug clients.

If purchased from Novell, ZLM is delivered through the sales channel along with a license file. ZLM can be evaluated on up to two systems by visiting http://download.novell.com/Download?buildid=g3FMXzzgDSg~ and downloading the product ISO.

The evaluation comes with a license for updating two systems. Moving from the evaluation to the full product is done by purchasing and applying a full license.

Run the ZENworks Linux Management 6.6.1 Installation Script

To install ZLM, complete the following:

  1. Insert the ZLM media into the system.
  2. Open a terminal and su to root.
  3. Change directory to the ZLM media.
  4. Run the installation script by entering ./rce-install.
  5. When asked if you'd like to install ZLM now, enter Y.
  6. Read through the license agreement, and enter Y to agree to it.
  7. If installing with a full license, enter N and provide the path to the license. Otherwise the install uses the evaluation license. To use the evaluation license, enter Y.
  8. When asked if you want to install with Red Carpet Online, enter N.
  9. When asked if you want to leave rug and rcd installed, enter Y.

When the installation is complete, the text shown in Figure 1 is displayed.

Figure 1: Instructions given after successful ZLM installation

The text instructs the user to run rce-init as root. Running rce-init sets up the PostgreSQL database, sets the ZLM administrator name and password, and sets up the ZLM web administration interface. Running rce-init only needs to be done once.

To run rce-init, enter
/usr/sbin/rce-init -U admin@address -P password -R "Real Name".

For example:
/usr/sbin/rce-init -u joe@email.com -P novell -R "Joe Novell".

When rce-init finishes, verify the web administration interface is active by accessing https://ip_address_of_server in a web browser.

The web administration interface is shown in Figure 2.

Figure 2: ZLM web administration interface

Configure ZENworks Linux Management For Open Enterprise Server Patches

With ZLM installed, the next step is to set up the channel for the OES patches. ZLM 6.6 doesn't contain everything needed to mirror OES patches out of the box, but it can be accomplished with a few simple steps.

To prepare for and create the OES patch channel, do the following:

Add the Open Enterprise Server Target to the ZLM Database

In order to host patches for OES systems, ZLM must have a target capable of handling the SUSE Linux patches OES uses.

Usually, targets are created through the web interface. In this case, the target must be created by entering SQL statements into the PostgreSQL database.

To create the OES target, do the following:

  1. Create a file to hold the SQL statements, for example touch /root/rcserver-oes-target.sql.
  2. Open the file in a text editor and add the following:
    INSERT INTO distro_targets (name, distroname, version, arch, distrotype, detect, supid) VALUES ('oes-9-i586', 'Open Enterprise Server', 'Linux', 'i586', 'rpm', '', (SELECT supid FROM support_levels WHERE description = 'supported'));
    INSERT INTO suse_products (name, path) VALUES ('Open Enterprise Server', 'Open-Enterprise-Server');
    INSERT INTO distro_products (did, prodid, arch, version) VALUES ((SELECT did FROM distro_targets WHERE name = 'oes-9-i586'), (SELECT prodid FROM suse_products WHERE name = 'Open Enterprise Server'), 'i386', '9');
    INSERT INTO distro_products (did, prodid, arch, version) VALUES ((SELECT did FROM distro_targets WHERE name = 'oes-9-i586'),(SELECT prodid FROM suse_products WHERE name = 'SUSE CORE'), 'i386', '9');
  3. Use the SQL file to add the records for the OES target into the database by running psql -f rcserver-oes-target.sql rcserver rcadmin.

If successful, the target platform will show up in the ZLM web interface. To verify the target is present, do the following:

  1. Open the ZLM web interface in a web browser.
  2. Authenticate using the administrative account and password.
  3. Select Server > Target Platforms > oes-9-i586.

The target's details should be displayed as shown in Figure 3.

Figure 3: Details of the oes-9-i586 target platform

ZLM will not show the oes-9-i586 target to client systems unless the targets are refreshed. A quick and easy way to refresh the targets is to change a value of an unrelated target platform. The sles-9-i586 platform seems to work best.

Complete the following:

  1. Open the ZLM web interface in a web browser.
  2. Authenticate using the administrative account and password.
  3. Select Server > Target Platforms.
  4. Select page 2 from the drop-down list and select sles-9-i586 from the list.
  5. Change the version value to 1 and then select Save.
  6. Repeat Steps 4 and 5 to change the value back to 9.

The oes-9-i586 target platform will now be available to client systems.

Activate the Source Channel with rug

The ZLM server must be activated and known to the source server, which is update.novell.com in the case of OES. This allows ZLM access to the channels available on the source server. On servers that require activation, a valid activation code is required.

To activate the source server update.novell.com, do the following:

  1. Open a terminal and su to root.
  2. Add update.novell.com as a service by entering rug sa https://update.novell.com/data.
  3. Verify the service was added by entering rug sl. The known services are displayed, as shown in Figure 4.

  4. Figure 4: Adding https://update.novell.com as a service

  5. Using its number from the service list, activate update.novell.com by entering
    rug act -s number_in_list activation_code email_address.

    Using Figure 4, the proper command is
    rug act -s 2 12345ABCD jim@email.com.

Create the rcmirror Configuration File

rcmirror uses configuration files to specify the details of mirrored channels. To mirror the OES channel from update.novell.com, do the following:

  1. Open a terminal and su to root.
  2. Create a configuration file for the OES channel by entering touch /etc/ximian/oes-rcmirror.conf.
  3. Edit the oes-rcmirror.conf file and add the text shown in Figure 5.

Figure 5: Contents of /etc/ximian/oes-rcmirror.conf

Pull Down Patches From the Source Channel

With the oes-rcmirror.conf file created, the OES channel can now be mirrored to the local ZLM server. To pull down the patches from the OES channel enter the following at the command line:

#rcmirror -c /etc/ximian/oes-rcmirror.conf

If everything is configured right, the OES channel is downloaded and added to the channel specified in oes-rcmirror.conf, as shown in Figure 6.

Figure 6: rcmirror retrieves the patches in the OES channel

A cron job should be set to run the rcmirror command at an opportune time every night.

Patch Systems from the Mirrored Channel

Patching OES servers from the mirrored channel requires the following:

Create Groups And Activation Codes

In order for systems to access the ZLM server, they need to activate against the server and find the channel. ZLM delivers channels to groups of systems.

To define a group for the OES channel, do the following:

  1. Open a web browser and access the ZLM web interface at https://ip_address.
  2. Log in as the ZLM administrator.
  3. Select Groups > Create New Groups.
  4. Provide a descriptive name and description for the new group.
  5. Select the Permissions tab.
  6. In the Channels section, select oes > Add Channels > Save.

With the group created, activations can be generated for members of the group.

To create an activation, do the following in the ZLM web interface:

  1. Select Server > Activations.
  2. Create either a Reusable or Single-Use Activation, according to the standard in your environment. This example will create a Reusable Activation, so select Create New Reusable Activations.
  3. Provide key and description values, and then select Save.
  4. Add the group created previously by selecting the group from the list and then select Add Groups.

Activate the Mirrored Channel

The systems to be updated from the mirrored channel access the mirrored channel by doing the following:

  1. On an OES system, open a terminal and su to root.
  2. Add the ZLM server as a service by entering
    rug sa https://domain_name_or_ip_address_of_ZLM_server/data

    Note: rug requires valid SSL certificates by default. If the rug sa command returns a Soup error, enter rug set require-verified-certificates false to turn off the requirement and try to add the service again.
  3. Verify the service was added by entering rug sl.
  4. Using its number from the service list, activate the local ZLM server by entering
    rug act -s number_in_list activation_code email_address.
  5. Subscribe to the OES channel by entering rug sub oes.

Patch Activated Systems

Open Enterprise Server is patched using Red Carpet and rug's patch functionality. The update functionality should never be used on OES.

To work with patches on the command line with rug, use the following:

  • rug pl ---lists available patches
  • rug pi patch_name ---displays information about the specified patch
  • rug pin patch_name ---installs the specified patch
  • rug pin oes:* ---installs every patch in the specified channel (OES in the example)

With ZLM, patches can also be pushed onto systems using transactions in the ZLM web interface. See the ZENworks Linux Management documentation for more information on transactions.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell