System z Expo, October 13 – 17, 2008 – Las Vegas, Nevada
Managing your Red Hat Enterprise Linux Guests With RHN Satellite
Session ID: zLP07
Speaker Names: Brad Hinson, Shawn Wells
© 2008 IBM Corporation
A presentation at System z Expo in October 2008 in Las Vegas, NV, USA by Shawn Wells

Agenda
● What is Red Hat Network?
  – What are the modules?
  – What are the deployment architectures?
  – How's it run on System z?
● Live Demo

Red Hat Network
Red Hat's modular, Web-based Linux management platform
● Highly scalable solution
● Integrates with existing platforms
Modular approach
● Updates – Management – Provisioning – Monitoring

What Is Red Hat Network?
A systems management platform designed to provide complete lifecycle management of the operating system and applications.
A single solution for lifecycle management of compute resources
  – Installing and provisioning new systems
  – Updating systems
  – Managing configuration files
  – Monitoring performance
  – Redeploying for a new purpose

Benefits of Red Hat Network
Lower system administration costs
● Management tools let you maximize your hardware investment
● Complete installation takes only minutes (Hosted) to 1-2 days (Satellite)
Increase productivity
● 4-10X system admin productivity, easily allowing 150+ systems/system admin
● Flexible architecture allows use of GUI, API, or CLI (scripted) interface
● All tasks automated, allowing you to move beyond the "guru bottleneck"
Improve security
● Content stream comes directly and immediately from Red Hat
● Complete audit trail and various predefined reports
● Policies and permissions provide centrally managed role-based administration

Example Usage
Many enterprises want to use hardware more efficiently
● Demand for externally-facing services often shifts. In order to adapt to changing demand conditions, administrators need flexible systems
● It can take hours to manually redeploy a single system
Detect when demand increases
● Red Hat Network can alert you when systems or applications reach defined levels of performance
● Allows you to take action before customers notice performance degradation
Redeploy systems quickly
● Red Hat Network stores profiles that can include packages, custom applications, configuration files, and more
● Use the profiles to change underutilized systems to the type of system needed to meet current business needs
● In 20-30 minutes, you can have hundreds of systems redeployed

Red Hat Network Components
Service Modules
● Update
● Management
● Provisioning
● Monitoring
Architectures
● Hosted
● Satellite

Update Module
● Automatically update systems with the latest security fixes
● Easily obtain security updates, patches, and new OS versions
● Remove undesired packages through the simple RHN web interface

Management Module
● Easily obtain security updates, patches, and new OS versions
● Manage groups of systems as easily as a single system
● Assign permissions to administrators for managing different groups or roles
● Remove undesired packages
● Schedule updates to occur during maintenance windows

Provisioning Module
● Provision existing or bare metal systems using predetermined profiles or system cloning
● Undo problematic changes with snapshots and rollback
● Improve consistency by using RHN to manage and deploy configuration files

Monitoring Module
● Group probes into suites for fast deployment
● Dozens of low impact probes can be set for each system
● Receive email or pager notices when a probe reaches a predefined warning or critical threshold

What Can Be Monitored?
System Probes
● Linux: CPU Usage, Disk I/O Throughput, Disk Usage, Interface Traffic, Load, Memory Usage, Process Health, …
● Network: FTP, HTTP, HTTPS, IMAP, Ping, POP, RPCService, SSH, SMTP, …
● Log Agent: Log Size, Pattern Matching, …
Application Probes
● Oracle 8i/9i: Availability, Client Connectivity, Disk Sort Ratio, Index Extents, Locks, Sessions, Tablespace Usage, TNS Ping, …
● BEA Weblogic: Heap Free, JDBC Connection Pool, Server State, …
● Apache: Processes, Traffic, Uptime
● MySQL: Database Accessibility, Opened Tables, Query Rate, Threads Running
You can also create your own probes using tools provided through Red Hat Network.

Hosted Deployment Model
[Diagram: RHN Hosted (System Management, Software Distribution, Account Management, Subscription Management); Web Interface; Customer Systems; RHN Proxy; Managed Systems]
● Quick setup is designed to enable management for small deployments
● All system information, profiles, and packages are stored in Red Hat's servers
● Each managed system connects across the Internet for all managed actions
● RHN Proxy can be added to lower bandwidth use by caching packages locally

Satellite Deployment Module
[Diagram: RHN Hosted (Software Distribution, Subscription Management); RHN Satellite (Software Distribution, Channel Management, Monitoring, Provisioning) with Web Interface and API Layer; RHN Proxy; Managed Systems; IT Applications; Custom Content]
● Local database stores all packages, profiles, and system information
● Syncs content from RHN Hosted, can run disconnected from the internet
● Custom content distribution

Example – Single Satellite (diagram)

Example – Multi Tiered Satellite (diagram)

Example – Proxy Vertically Tiered Satellite (diagram)

Example – System z (diagram)

How It Works
Database
  – Your existing database (standalone) or bundled (embedded Oracle 9i R2)
RHN Satellite Server
  – Entry point for Red Hat Update Agent running on clients
  – Apache HTTP server (serving XML-RPC requests)
RHN Satellite Web Interface
  – Advanced system, system group, user, and channel management interface
RPM Repository
  – Package repository for Red Hat RPM packages as well as middleware/custom RPM packages

How It Works
Management Tools
  – Database and file system synchronization tools
  – RPM importing tools
  – Channel maintenance tools (Web based)
  – Errata management tools (Web based)
  – User management tools (Web based)
  – Client system and system grouping tools (Web based)
  – Red Hat Update Agent on the client systems

Installation Requirements
Software
  – RHEL 4 (31-bit or 64-bit)
  – @Base install
Hardware
  – 1 to 2 (virtual) IFLs
  – 2 to 4 GB storage (memory)
  – 1 GB swap (combination VDISK, disk)
  – 1 x mod3 for OS install
  – Estimated 12 GB disk space for embedded database
  – 6 GB per channel (disk)

Infrastructure Requirements
Network Ports
  – (80, 443) outbound, unless running in disconnected mode
  – (80, 443) inbound, for WebUI and client requests
  – (4545) outbound, if monitoring is configured and probes are active on clients
  – (5222) inbound, to push actions to client systems
  – (5269) inbound, to push actions to RHN Proxy Server
Other Requirements
  – Red Hat Network account
  – Entitlement Certificate
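
One way to check a Satellite host's firewall against the inbound port list above. This is an added example, not part of the original slides: the rule text is a constructed iptables-save excerpt, and the function names, the chain default and the SSH allowance in admin_ports are assumptions made for illustration.

```python
import re

# Inbound TCP ports listed on the slide (5269 matters only when an RHN Proxy is used).
REQUIRED_INBOUND = {80, 443, 5222}
OPTIONAL_INBOUND = {5269}

# Constructed iptables-save excerpt, not taken from a real Satellite.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

def accepted_tcp_ports(rules_text, chain="INPUT"):
    """Collect TCP destination ports that `chain` accepts (source limits ignored)."""
    ports = set()
    for line in rules_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", chain] or tokens[-2:] != ["-j", "ACCEPT"]:
            continue
        if not re.search(r"-p tcp\b", line):
            continue
        match = re.search(r"--dports? (\S+)", line)
        if not match:
            continue
        for item in match.group(1).split(","):
            low, _, high = item.partition(":")  # "8000:8010" is a port range
            ports.update(range(int(low), int(high or low) + 1))
    return ports

def audit_inbound(rules_text, chain="INPUT", proxy_in_use=False, admin_ports=(22,)):
    """Compare accepted ports with the slide's list; admin_ports is an assumed allowance."""
    accepted = accepted_tcp_ports(rules_text, chain)
    required = REQUIRED_INBOUND | (OPTIONAL_INBOUND if proxy_in_use else set())
    expected = required | set(admin_ports)
    return {"missing": sorted(required - accepted),
            "unexpected": sorted(accepted - expected)}

if __name__ == "__main__":
    print(audit_inbound(SAMPLE_RULES))
```

In the constructed sample the push port 5222 is not opened, and port 8080 is reported as unexpected because it is not on the slide's inbound list.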

Example RHN Certificate (XML)

<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Clay’s Precious Satellite</rhn-cert-field>
  <rhn-cert-field name="issued">2005-01-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="expires">2005-03-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="slots">30</rhn-cert-field>
  <rhn-cert-field name="provisioning-slots">30</rhn-cert-field>
  <rhn-cert-field name="nonlinux-slots">30</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="10" family="rhel-cluster"/>
  <rhn-cert-field name="channel-families" quantity="30" family="rhel-ws-extras"/>
  <rhn-cert-field name="channel-families" quantity="10" family="rhel-es-extras"/>
  <rhn-cert-field name="channel-families" quantity="40" family="rhel-as"/>
  <rhn-cert-field name="channel-families" quantity="30" family="rhn-tools"/>
  <rhn-cert-field name="satellite-version">3.6</rhn-cert-field>
  <rhn-cert-field name="generation">2</rhn-cert-field>
  <rhn-cert-signature>
-----BEGIN PGP SIGNATURE-----
Version: Crypt::OpenPGP 1.03

iQBGBAARAwAGBQJCAG7yAAoJEJ5yna8GlHkysOkAn07qmlUrkGKs7/5yb8H/nboGmhHkAJ9wdmqOeKfcBa3IUDL5 oNMEBP/dg===0Kv7
-----END PGP SIGNATURE-----
  </rhn-cert-signature>
</rhn-cert>
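
A small parser for the certificate layout shown above, reporting expiry and missing fields so an expiring entitlement is caught before the Satellite stops syncing. This is an added example, not Red Hat's tooling: the sample certificate is constructed with placeholder owner and signature values, the list of expected fields is an assumption, and the PGP signature is not verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample in the slide's layout; owner and signature are placeholders.
SAMPLE_CERT = """<rhn-cert version="0.1">
  <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field>
  <rhn-cert-field name="owner">Example Owner</rhn-cert-field>
  <rhn-cert-field name="issued">2005-01-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="expires">2005-03-11 00:00:00</rhn-cert-field>
  <rhn-cert-field name="slots">30</rhn-cert-field>
  <rhn-cert-field name="channel-families" quantity="40" family="rhel-as"/>
  <rhn-cert-field name="channel-families" quantity="30" family="rhn-tools"/>
  <rhn-cert-field name="satellite-version">3.6</rhn-cert-field>
  <rhn-cert-signature>PLACEHOLDER-SIGNATURE</rhn-cert-signature>
</rhn-cert>"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
# Assumption: these fields are treated as mandatory for this check.
EXPECTED_FIELDS = ("product", "owner", "issued", "expires", "slots")

def parse_rhn_cert(xml_text):
    """Return (fields, channel_families, has_signature) for an rhn-cert document."""
    root = ET.fromstring(xml_text)
    if root.tag != "rhn-cert":
        raise ValueError("root element is not rhn-cert")
    fields, families = {}, {}
    for element in root.findall("rhn-cert-field"):
        name = element.get("name")
        if name == "channel-families":
            families[element.get("family")] = int(element.get("quantity"))
        else:
            fields[name] = (element.text or "").strip()
    signature = root.findtext("rhn-cert-signature", default="")
    return fields, families, bool(signature.strip())

def cert_findings(xml_text, now, warn_days=30):
    """List problems worth alerting on; does NOT verify the PGP signature."""
    fields, _families, has_signature = parse_rhn_cert(xml_text)
    findings = ["missing field: " + n for n in EXPECTED_FIELDS if n not in fields]
    if not has_signature:
        findings.append("no signature block")
    if "issued" in fields and datetime.strptime(fields["issued"], TIME_FORMAT) > now:
        findings.append("issued date is in the future")
    if "expires" in fields:
        days_left = (datetime.strptime(fields["expires"], TIME_FORMAT) - now).days
        if days_left < 0:
            findings.append("expired")
        elif days_left < warn_days:
            findings.append("expires in %d days" % days_left)
    return findings

if __name__ == "__main__":
    print(cert_findings(SAMPLE_CERT, datetime(2005, 3, 1)))
```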

Installing RHN Satellite
mount -o loop iso_filename /media/
cd /media; ./install.pl
  – ./install.pl --help
  – ./install.pl --disconnected
Installer steps
  – Create database
  – Import Satellite certificate
  – Register/Activate Satellite
  – Generate CA certificate for SSL traffic

Importing Packages (satellite-sync)
Synchronize metadata/packages with RHN
  – Satellite connected to RHN
Internal steps
  – channel-families – Import/sync channel family (architecture) data
  – channels – Import/sync channel data
  – rpms – Import/sync RPMs
  – packages – Import/sync full package data for RPMs retrieved successfully
  – errata – Import/sync Errata information

Importing Packages (disconnected)
Synchronize metadata/packages from Channel Content ISO
  – Released shortly after each RHEL update on RHN, then in regular increments
Use channel data from another Satellite
  – rhn-satellite-exporter exports channel families, architectures, channel metadata, blacklists, RPMs, RPM metadata, errata, and kickstarts
  – rhn-satellite-exporter --dir=/var/sat-backup/
  – scp -r storage.example.com:/var/sat-backup/* /var/rhn-sat-import
  – satellite-sync --list-channels --mount-point /var/rhn-sat-import
  – satellite-sync -c rhel-s390x-as-4 --mount-point /var/rhn-sat-import
  – Can specify multiple channels in one command. Estimate ~2 hours per channel.

Further Information
● Problem
  – Where can I find further information on RHN Satellite?
● Solution
  – Red Hat Knowledgebase: http://kbase.redhat.com/faq/
  – RHN Documentation: https://rhn.redhat.com/help/
  – RHN Satellite Users mailing list: https://www.redhat.com/mailman/listinfo/rhn-satellite-users
  – RHN Satellite comes with 24/7 support: https://www.redhat.com/apps/support/

Contacting Red Hat Support
● Problem
  – My Satellite is not working, what should I do?
● Solution

QUESTIONS?

APPENDIX

Tech Data
● RHN Satellite Components
● Apache
● Java & RHN Push
● Monitoring
● Database & Taskomatic
● Misc data

RHN Satellite Components
● Web Server – Apache
  ● Satellite Web UI
  ● /XMLRPC
  ● /API
● Java – Tomcat (new)
● RHN Push – Jabber
  ● osa-dispatcher (server side)
  ● osad (client side)
● Monitoring Technology (new)
  ● Monitoring Backend
  ● Monitoring Scout
● Database Server – Oracle 9i

RHN Satellite: Apache
Apache processes within RHN Satellite handle multiple types of requests
  – Satellite Web UI with perl and java components
  – /XMLRPC, /API & /APPLET via python
Main configuration files
  – /etc/httpd/conf/httpd.conf
  – /etc/httpd/conf/rhn/
  – /etc/rhn/rhn.conf
Runs with standard httpd daemon on ports 80 and 443
Apache writes to various log files in the following locations
  – /var/log/rhn/
  – /var/log/httpd/
Misc files of note
  – SSL Certificates used by Apache
    – /etc/httpd/conf/ssl.key/server.key
    – /etc/httpd/conf/ssl.crt/server.crt

RHN Satellite: Java & RHN Push
Java
Apache communicates with Tomcat for portions of the Java Web UI within RHN Satellite 4.0
Main configuration file
● /etc/tomcat5/tomcat5.conf
Main log directory
● /var/log/tomcat5/
Tomcat daemon listens to ports
● 8005
● 8009
● 8080
RHN Push
The jabber protocol is used by RHN to push scheduled actions to systems.
● Satellite connects to jabber (osa-dispatcher)
● Clients connect to jabber (osad)
Main configuration files for push technology
● /etc/jabberd/jabberd.cfg
● /etc/rhn/rhn.conf
Main log files are
● /var/log/messages
● /var/log/rhn/osa-dispatcher.log

RHN Satellite: Monitoring
Components: Monitoring Backend, Monitoring Scout
Some of the monitoring configuration files
● /etc/rhn/rhn.conf
● /etc/rhn/cluster.ini
● /etc/NOCpulse.ini
● /etc/httpd/conf/rhn/rhn_monitoring.conf
Specific to Scout
● /home/nocpulse/etc/SatCluster.ini
Monitoring has one main nanny script, which is gogo.pl
Nearly all Monitoring logging is done within
● /home/nocpulse/var/
● /opt/notification/var/

RHN Satellite: Database
RHN Satellite needs communication to an Oracle 9i Database Server
● Embedded or External Oracle
Main configuration files for database
● /etc/tnsnames.ora
● /etc/rhn/rhn.conf
Listener daemon (tnslsnr) runs localhost only on port 1290
Main log files for Oracle
● /var/log/rhn/rhn_database.log
● /rhnsat/admin/rhnsat/bdump/alert_rhnsat.log
● /opt/apps/oracle/config/9.2.0/spfilerhnsat.ora

Anything Else To Know?
The most important configuration file
● /etc/rhn/rhn.conf
Two common general options of interest that can be changed
● traceback_mail – change the default email address alerts go to. Check this email address for traceback emails if something goes wrong
● debug – default is 1, setting to 5 or 6 is enough for troubleshooting
Restart RHN Satellite services using command
● service rhn-satellite restart
● This will run the following service scripts
  ● jabberd
  ● rhn-database
  ● osa-dispatcher
  ● taskomatic
  ● tomcat5
  ● httpd
  ● Monitoring
  ● MonitoringScout