1. Installation Guide for Release 2.10
  2. Configuring Inter-Server Synchronization for Oracle Linux Manager Servers

3 Configuring Inter-Server Synchronization for Oracle Linux Manager Servers

WARNING:

The software described in this documentation is supported for a limited period under Extended Support. Oracle Linux 7 is now in Extended Support. See Oracle Linux Extended Support and Oracle Open Source Support Policies for more information.

Consider using OS Management Hub to manage operating system infrastructure. See OS Management Hub for more information.

This chapter describes the configuration and synchronization of primary and worker or secondary Oracle Linux Manager systems.

About Primary-Secondary Configurations

You can configure inter-server configuration (ISS) to synchronize channel content, channel permissions, and organizational trust settings between Oracle Linux Manager servers. The configuration of local non-content settings for users and organizations is not affected. One Oracle Linux Manager server acts as a primary server to provide content to any number of worker or secondary servers.

Typical use cases of this configuration include the following examples:

  • Content on the worker servers is regularly synchronized with the primary server to obtain the latest maintenance releases.

  • Content is developed and tested on the primary server before distribution to the worker servers.

  • Worker servers have local content that is additional to that synchronized from the primary server.

You can configure primary servers that are themselves workers of a higher-level primary Oracle Linux Manager server. The usual ISS topology is a tree-like hierarchy, where there is one top-level primary server and each worker has only one primary server. A less typical topology is a directed graph, where several top-level primary servers might exist, and each worker can have more than one primary servver . If a worker has more than one primary server , you can designate one as the default primary server with which the worker synchronizes.

To set up the relationships between primary and worker Oracle Linux Manager servers, you can use the spacewalk-sync-setup command, provided that you installed the spacewalk-utils package. Otherwise, you would need to use Oracle Linux Manager web interface which enables you to configure each server independently.

Setting a Worker-Only Oracle Linux Manager Server

By default, an Oracle Linux Manager server is configured so that it can act as a primary server. Any worker server that you configure for the primary server can synchronize from that primary server.

You can designate an Oracle Linux Manager server to function only as a worker server by following these steps:

  1. Edit /etc/rhn/rhn.conf and set the value of disable_iss as follows: 
    disable_iss=1

  2. Restart the httpd service. 

    sudo systemctl restart httpd

To make the server revert to the default behavior, reset disable_iss to 0.

Creating Primary-Worker Configurations With the spacewalk-sync-setup Command

This section assumes that you have installed the spacewalk-utils package. If not, follow the method in Setting Up Primary-Worker Configurations With Oracle Linux Manager Web Interface instead.

Ensure first that Oracle Linux Manager is running on both the primary and worker servers. Then, on either primary or worker server, run the spacewalk-sync-setup command: as follows 

sudo spacewalk-sync-setup --apply --create-templates --ms=primary_olmsvr_FQDN \
--ml=primary_olmadm --mp=primary_olmadm_passwd --ss=backup_olmsvr_FQDN \
--sl=backup_olmadm --sp=backup_olmadm_passwd
INFO: Connecting to olmadmin@olmsvr.mydom.com
INFO: Connecting to olmadmin@olmsvr2.mydom.com
INFO: Generating master-setup file /root/.spacewalk-sync-setup/master.txt
INFO: Generating slave-setup file /root/.spacewalk-sync-setup/slave.txt
INFO: About to wget master CA cert: [wget -q -O 
/usr/share/rhn/olmsvr.mydom.com_RHN-ORG-TRUSTED-SSL-CERT 
http://olmsvr.mydom.com/pub/RHN-ORG-TRUSTED-SSL-CERT]
INFO: Applying master-setup /root/.spacewalk-sync-setup/master.txt
INFO: Applying slave-setup /root/.spacewalk-sync-setup/slave.txt

A copy of the primary server's CA certificate is stored on the worker as /usr/share/rhn/olmsvr.mydom.com_RHN-ORG-TRUSTED-SSL-CERT.

You can then map local organizations on the worker server to organizations that the primary server exports. See Configuring a Primary Oracle Linux Manager Server.

Setting Up Primary-Worker Configurations With Oracle Linux Manager Web Interface

This section describes how to use Oracle Linux Manager Web Interface to configure primary and worker systems and how to create organizations to be included in their synchronization.

Creating Local Organizations

If you intend to include organizations when configuring primary-worker server synchronization, you must create those organizations first. You can create as many organizations as you need.

  1. Log in to your Oracle Linux Manager server's URL, such as https://olmsvr.mydom.com.

  2. Select Admin.

  3. On the Organizations page, click + Create Organization.

  4. On the Create Organization page, enter the required values to create the organization and its administrator.

    Note:

    Each organization you create must have its own administrator acocunt that is different from the Oracle Linux Manager administrator.

  5. Accept any of the default values that are provided for you.

  6. Click Create Organization.

Configuring a Primary Oracle Linux Manager Server

Configure a primary Oracle Linux Manager server as follows:

  1. On Admin, select ISS Configuration.

    The Master Setup tab is selected by default.

  2. Click + Add new slave.

  3. On the Edit Slave Details page, type the FQDN of the worker server and select or deselect the check boxes that configure primary-worker server synchronization.

    For example, you might want to enable the worker to synchronize from the primary server, but not want to synchronize all organizations to the worker .

  4. Click Create.

    When the page refreshes, you are able to select which organizations can be exported.

  5. Provided that you have already created the organizations, select those organizations that you want to enable to be exported to the worker, then click Allow Orgs.

    To create organizations, see Creating Local Organizations.

Configuring a Worker Oracle Linux Manager Server

Configure a worker Oracle Linux Manager server as follows:

  1. On a separate browser tab, navigate to http://primary_olmsvr_FQDN/pub and download the CA certificate file RHN-ORG-TRUSTED-SSL-CERT as RHN-ORG-TRUSTED-SSL-CERT-MASTER.

    Alternatively, you can use the wget command on a terminal window as follows: 

    sudo wget -q -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT-MASTER \
http://primary_olmsvr_FQDN/pub/RHN-ORG-TRUSTED-SSL-CERT

  2. Switch back to the browser tab that is displaying the ISS Configuration page.

  3. Select the Slave Setup tab and click + Add new master.

  4. On the Details for new Master page, do the following:

    • Type the FQDN of the primary server.

    • Type the absolute path of the downloaded primary's CA certificate (RHN-ORG-TRUSTED-SSL-CERT-MASTER).

  5. Select if you want the primary server to be the default server with which the worker synchronizes.

  6. Click Add new master.

    The page refreshes to display a Configure Master-to-Slave Org Mappings section.

  7. Choose one of the following steps:

    • If you do not intend to import any organization, select NOT MAPPED.

    • If you intend to import an organizations, select it from the pull-down menu in the Matching Local Org column.

      This step assumes you have already created the organizations. See Creating Local Organizations.

  8. Click Update.

Synchronizing Software Channels on an Oracle Linux Manager Worker Server

You synchronize a software channel by running the satellite-sync command on the worker server as follows: 

sudo satellite-sync [--iss-parent=primary_olmsvr_FQDN] [--orgid=N] -c channel_label

In the previous command, channel_label specifies the label of the software channel to synchronize from the primary server.

The argument to the --orgid option specifies the ID of the organization on the worker into which the channel is synchronized. If not specified, Oracle Linux Manager Default Organization with ID 1 is assumed.

The primary_olmsvr_FQDN value specifies the FQDN of the primary Oracle Linux Manager server. If not specified, and the worker server has more than one primary server, the default primary server is assumed.

The following example shows how to use the command to begin the synchronization process. 

sudo satellite-sync -c oraclelinux6-x86_64-patch
16:16:52 Oracle Linux Manager - live synchronization
16:16:52    url: https://olmsvr.mydom.com
16:16:52    debug/output level: 1
16:16:52    db:  c##olm2/<password>@//odbsvr.mydom.com/company.mydom.com
16:16:52 
16:16:52 Retrieving / parsing orgs data
16:16:52 orgs data complete
16:16:52 
16:16:52 Retrieving / parsing channel-families data
16:16:52 channel-families data complete
16:16:52 
16:16:52 Retrieving / parsing product names data
16:16:52 product names data complete
16:16:52 
16:16:52 Retrieving / parsing arches data
16:16:53 arches data complete
16:16:53 
16:16:53 Retrieving / parsing additional arches data
16:16:53 additional arches data complete
16:16:53 
16:16:53 Retrieving / parsing channel data
16:16:54    p = previously imported/synced channel
16:16:54    . = channel not yet imported/synced
16:16:54    base-channels:
16:16:54         NONE RELEVANT                                 
16:16:54    oraclelinux6-x86_64:
16:16:54       . oraclelinux6-x86_64-patch    1367    full import from Fri Jul 10 13:02:52 2015
16:16:54 
16:16:54 Channel data complete
16:16:54 
16:16:54 Retrieving short package metadata (used for indexing)
16:16:54    Retrieving / parsing short package metadata: oraclelinux6-x86_64-patch (1367)
16:17:01 Diffing package metadata (what's missing locally?): oraclelinux6-x86_64-patch
            ________________________________________
Diffing:    ######################################## - complete
16:17:04 
16:17:04 Downloading package metadata
16:17:04    Retrieving / parsing *relevant* package metadata: oraclelinux6-x86_64-patch (1357)
16:17:04    * WARNING: this may be a slow process.
            ________________________________________
Downloading:######################################## - complete
16:42:30 
16:42:30 Downloading rpm packages
16:42:30    Fetching any missing RPMs: oraclelinux6-x86_64-patch (1357)
16:42:53    Total size: 5.31 GiB
16:47:53 Processing rpm packages complete
16:47:53 
16:47:53 Importing package metadata
16:47:53    Importing *relevant* package metadata: oraclelinux6-x86_64-patch (1357)
            ________________________________________
Importing:  ######################################## - complete
18:06:44 
18:06:44 Linking packages to channels
18:07:02 
18:07:02 Downloading errata data
18:07:02    Retrieving / parsing errata data: oraclelinux6-x86_64-patch (216)
            ________________________________________
Downloading:######################################## - complete
18:07:06 Downloading errata data complete
18:07:06 
18:07:06 Downloading kickstartable trees metadata
18:07:06    Retrieving / parsing kickstart data: oraclelinux6-x86_64-patch (NONE RELEVANT)
18:07:06 
18:07:06 Downloading kickstartable trees files
18:07:06    Retrieving / parsing kickstart tree files: oraclelinux6-x86_64-patch (NONE RELEVANT)
18:07:06 
18:07:06 Importing channel errata
18:07:13    Importing *relevant* errata: oraclelinux6-x86_64-patch (468)
            ________________________________________
Downloading:######################################## - complete
18:07:31    No new kickstartable tree to import
    Import complete:
        Begin time: Fri Jul 10 16:16:51 2015
        End time:   Fri Jul 10 18:07:31 2015
        Elapsed:    1 hours, 50 minutes, 40 seconds