Chapter 2 Creating Software Channels and Repositories

This chapter describes how to create software channels in Oracle Linux Manager. Client systems subscribe to channels to obtain packages and errata. Each channel is associated with at least one repository that defines the source of the packages and errata.

The examples in this chapter use the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. However, you can also use Oracle Linux Manager to obtain software packages from other internal or external sources.

Caution

If you are using Oracle Linux 8 or Oracle Linux 9, note the limitations of channel manipulation if channels contain modules. See Known Issues in Oracle Linux Manager in Oracle® Linux Manager: Release Notes.

2.1 About Software Channel Configuration

ULN has more than 100 unique channels for supported architectures. To access ULN, go to https://linux.oracle.com/.

ULN provides an olN_arch_[baseos]_latest label for the repository that includes all of the latest versions of the packages in a distribution, including any errata that are also provided in the patch channel.

Note

The inclusion of baseos in the label applies only to Oracle Linux 8 and Oracle Linux 9.

If no vulnerabilities have been found in a package, the package version might be the same as the version that was included in the original distribution. For other packages, the version is the same as the version that is provided in the patch channel for the highest update level. For example, for Oracle Linux 8 using the x86_64 architecture, the ol8_x86_64_baseos_latest channel contains a combination of the ol8_x86_64_u1_baseos_base as well as the ol8_x86_64u1_baseos_patch channels.

Important

Do not register an Oracle Linux Manager server or client with ULN. Instead, register an Oracle Linux Manager server as a client of itself to receive updates.

The Oracle Linux yum server provides the olN_latest label for the repository that includes all of the packages for an entire Oracle Linux release, in addition to the olN_uN_base repository for each update.

Some channels, such as the patch channel, and those for DTrace userspace, Ksplice, and OFED are available on ULN, but not the Oracle Linux yum server.

ULN also provides older versions of packages that are added to a parent channel. The _archive suffix is usually added to the channel for which it hosts archive packages. For example, the _latest channels have equivalent _latest_archive channels to host older versions of packages that have been updated in the _latest channels.

Packages are moved to an archive channel when newer versions of the same packages are added to the parent channel. The addition of archive channels helps keep the metadata for the parent channel manageable and also keeps the overall size of the channel to a minimum. If you require an earlier version of a package, you can subscribe to the equivalent _archive channel to obtain it. When performing an installation or downgrade, you must specify the version of the package that you want to install.

Note

Avoid installing packages from an _archive channel. Doing so might result in your system running software that has since been patched for security related issues. Your system becomes exposed to vulnerabilities that could be exploited for malicious purposes.

ULN also provides base and patch channels for each update of an Oracle Linux release. Depending on the Oracle Linux release, other channels might provide the latest packages for additional features such as DTrace user-space, Ksplice, and the OpenFabric Enterprise Edition (OFED) feature. The Oracle Linux yum server, however, does not provide patch channels for updates.

Other channels might also be available, such as _beta channels for beta versions of packages.

As each new, major version or minor update of Oracle Linux becomes available, Oracle creates new base and patch channels for each supported architecture to distribute new packages. The existing base and patch channels for the previous versions or updates remain available and do not include the new packages. The _latest channel distributes the latest possible version of any package, and tracks the top of the development tree independently of the update level.

Oracle recommends that you design a channel configuration that is based on your particular work flow. For example, if you intend to use Oracle Linux Manager's channel cloning feature to promote systems from development through testing to production, you could configure a base channel and child patch channel together with other child channels.

If you duplicate child channels, you do not need to duplicate their repositories. These channels can use the same repositories as the channel from which they were cloned. For example, each cloned base channel might have a unique addons child channel, but each of the child channels would use the same repository. The packages are not duplicated, even though they are referenced in multiple channels.

To make archive channel content available to local clients, you must first create repositories for each ULN archive channel that you want to synchronize, then map these repositories to the software channels that you have created in Oracle Linux Manager.

If necessary, you can maintain the latest channels separately, without subscribing any systems to these channels. If the need arises, you can copy errata packages form the latest channels to the patch channels to make the latest fixes available.

Note

You do not need to associate a software channel with a repository if you want to create custom channels that obtain their packages by methods such as rhnpush or uploading by using the web interface. These methods enable you to serve locally developed and packaged software that has no upstream repository.

For a complete description of the main channels that are available on ULN, see the chapter on ULN registration in Oracle® Linux: Unbreakable Linux Network User's Guide for Oracle Linux 6 and Oracle Linux 7.

2.2 Configuring Software Channels for ULN

Oracle Linux Manager servers and clients must not be registered with ULN. Instead, register an Oracle Linux Manager server as a client of itself to receive updates. Oracle Linux Manager contains a ULN plug-in for the spacewalk-repo-sync tool. The plug-in enables you to synchronize software channels without having to register Oracle Linux Manager server with ULN.

To configure the plug-in:

  1. Grant read-write permissions to /etc/rhn/spacewalk-repo-sync/uln.conf.

    sudo chmod 600 /etc/rhn/spacewalk-repo-sync/uln.conf
  2. Edit the file by adding your SSO login user name and password for ULN:

    [main] 
    username=ULN_SSO_username 
    password=ULN_SSO_password
  3. Revert the file's permissions to read-only.

    sudo chmod 400 /etc/rhn/spacewalk-repo-sync/uln.conf
  4. (Optional) Verify that the read-only permission has been restored to the file.

    sudo ls -l /etc/rhn/spacewalk-repo-sync/uln.conf

    Ensure that this file has read-only permissions by root to protect your ULN credentials.

After you have have configured the ULN plug-in, you can use either the Oracle Linux Manager web interface, the spacecmd command, or the spacewalk-common-channels command to create Oracle Linux Manager software channels, repositories, and activation keys.

Tip

Although the spacewalk-common-channels configures software channels to access the Oracle Linux yum server, you can configure the repository entries to access ULN instead. For example, if you want to use the Oracle Linux base and patch channels for an Oracle Linux release update on ULN, reconfigure the base software channel to access the base channel and create an additional child channel and associated repository entry for the patch channel.

2.3 Obtaining Packages From the Oracle Linux Yum Server

Use the spacewalk-common-channels command to configure software channels that use the Oracle Linux yum server. This command also enables you to configure repositories, GPG keys, and activation keys for Oracle Linux releases.

Note

The spacewalk-common-channels currently cannot yet create Oracle Linux 9 channels.

To list the available channels, use the --list option:

sudo spacewalk-common-channels --list | grep "oracle"
Note

Unlike ULN, the Oracle Linux yum server does not provide patch channels for each update of an Oracle Linux release. Instead, the spacewalk-common-channels command configures the base (parent) software channel to use the olN_latest repository, which includes all of the packages for the entire release.

Some ULN channels, such as those for DTrace userspace, Ksplice, and OFED, are not available on the Oracle Linux yum server.

For example, you would create the software channels for Oracle Linux 8 (x86_64) as follows:

sudo spacewalk-common-channels -v -u swadm -p swadm_passwd -a x86_64 -k unlimited 'oraclelinux8*'

The -k unlimited option specifies that the command should create an activation key with no limit on the number of servers with which you can use it. Otherwise, no activation key is activated.

See the following for more information and instructions:

After you have set up the software channels and repositories, download the packages by synchronizing the software channels with the Oracle Linux yum server. See Section 2.6, “Synchronizing Software Channels”.

2.4 Configuring Oracle Linux Manager Repositories

Oracle Linux Manager repositories define where to obtain packages from ULN or the Oracle Linux yum server.

For ULN, an Oracle Linux Manager repository specifies the URL of a ULN channel in the following format:

uln:///ULN_channel_label

To obtain a list of available ULN channel labels, do the following:

  1. Log in to ULN (https://linux.oracle.com) and then select the Channels tab.

  2. On the Channels page, select the release and architecture from their respective pull-down menus.

    The resulting page displays the channels, their labels, and their descriptions. The URL for Oracle Linux 8 Application Stream Packages (x86_64) channel, for example, would be uln:///ol8_x86_64_appstream.

For the Oracle Linux yum server, an Oracle Linux Manager repository specifies the URL of a repository in the following format:

https://yum.oracle.com/repository_path

To obtain the correct URL for a repository, do the following:

  1. At https://yum.oracle.com/, select your Oracle Linux release from the list of repositories, for example, Oracle Linux 7 .

  2. From the list of latest packages, click the link to the packages that corresponds to your system's architecture, for example, x86_64.

    A list of the RPM packages is displayed. The page also includes the Direct YUM Repository URL of the repository you are viewing.

Note

For Oracle Linux 8 repository access, you must install the appropriate release-el8 packages and enable any repositories to which you require access prior to configuring yum repositories.

For more detailed information about DNF and Yum repository configuration in Oracle Linux 8, see Oracle® Linux: Managing Software on Oracle Linux. See also the dnf(5) manual page.

2.4.1 Using the Oracle Linux Manager Web Interface

Figure 2.1 Repositories Page

Go to Channels, select Manage Software Channels, and then select Manage Repositories:

  • To create a repository:

    1. Click + Create Repository.

    2. On the Create New Repository page, enter the following repository settings:

      Repository Label

      Name for the repository, for example, Oracle Linux 8 (x86_64).

      Repository URL

      URL of the source for the repository's packages, for example, uln:///ol8_x86_64_baseos_latest or https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64.

      Repository Type

      Source of the repositories depending on the Repository URL setting, which is either uln or yum.

      Leave the remaining fields unset for Oracle Linux.

    3. Click Create Repository to create the repository.

  • To view a repository, select its entry to display its details.

  • To modify a repository:

    1. Select the repository that you want to edit.

    2. On the Repository Details page, modify the repository settings and click Update Repository to save your changes.

  • To delete a repository:

    1. Go to Channels, select Manage Software Channels, and then select Manage Repositories.

    2. Select the repository that you want to delete.

    3. On the Repository Details page, click Delete repository, and then confirm the deletion.

To associate a software channel with a repository, see Section 2.5.1, “Using the Oracle Linux Manager Web Interface”.

Note About Using Special Characters

Both Oracle Linux Manager web interface and spacecmd subcommands enable you to configure Oracle Linux Manager repositories, channels, and so on. However, they differ when handling special characters.

With the web interface, special characters such as parentheses are automatically dropped when you click the Create button. Thus, (x86_64), for example, becomes stored as x86_64.

However, the spacecmd command preserves these characters. Thereafter, if you continue to use the command line on channels or repositories whose names contain special characters, you must use the backslash (\) escape character for these special characteres to be parsed correctly. See the example for repo_details in Section 2.4.2, “Using the repo_create Command”.

Tip

To facilitate your work, do not use special characters when you create channels and repositories with the command line. Thus, you would avoid unexpected results, especially if you regularly switch between the web interface and command line when administering Oracle Linux Manager.

2.4.2 Using the repo_create Command

Create a repository by using the repo_create command as follows. The information you need to provide is in bold:

spacecmd {SSM:0}> repo_create
Name: Oracle Linux 8 x86_64
URL: uln:///ol8_x86_64_baseos_latest
Type: uln
...

To list all repositories, use the repo_list command:

spacecmd {SSM:0}> repo_list

To list the details of a repository, use the repo_details command:

spacecmd {SSM:0}> repo_details "Oracle Linux 8 x86_64"

For example, listing the details of the Oracle Linux 8 x86_64 repository would display the following:

spacecmd {SSM:0}> repo_details "Oracle Linux 8 x86_64"
Repository Label:                  Oracle Linux 8 x86_64
Repository URL:                    uln:///ol8_x86_64_baseos_latest
Repository Type:                   uln
Repository SSL Ca Certificate:     None
Repository SSL Client Certificate: None
Repository SSL Client Key:         None

Note

If you used the command line and created repositories with special characters, for example, Oracle Linux 8 (x86_64), then you would type:

spacecmd {SSM:0}> repo_details "Oracle Linux 8 \(x86_64\)"

The example shows how you need to use the backslash character for the command to correctly parse the parentheses in the repository name. Preferably, avoid using special characters in repository or channel names. See Note About Using Special Characters.

To delete a repository, use the repo_delete command. Ensure that you confirm the command as prompted.

spacecmd {SSM:0}> repo_delete "Ksplice for Oracle Linux 7"

To associate a software channel with a repository, see Section 2.5.2, “Using the softwarechannel_create Command”.

2.5 Configuring Software Channels

The main software channel for an Oracle Linux release is referred to as the base or parent software channel. A base channel has associated child software channels. Each child software channel provides packages that are not available with the base software channel. If multiple versions of a package exist in different subscribed channels, yum versioning and dependency resolution ensure that the most up-to-date version of a package is installed.

You can subscribe a client to a single base channel and one or more of its child channels. For channels that are not specific to an update, such as addons, create an addons child channel for each update-level base channel and associate this child channel with the same addons repository.

If you set up Oracle Linux Manager to obtain Oracle Linux packages from ULN, Oracle recommends that you configure a separate olN-un_arch-base base software channel and olN-un-arch-patch child software channel for each Oracle Linux update, as it becomes available. This practice ensures that software channels stay small and helps to speed up channel cloning. Client systems are not upgraded across update levels unless you either change the source channel used for channel cloning or reconfigure the channels to which a client system subscribes.

The following example illustrates a typical configuration of the base and child software channels for Oracle Linux, where the base and patch channels are synchronized with ULN:

oraclelinux7-x86_64-base
 |-- oraclelinux7-x86_64-addons
 |-- oraclelinux7-x86_64-ksplice
 |-- oraclelinux7-x86_64-optional
 |-- oraclelinux7-x86_64-patch
 |-- oraclelinux7-x86_64-spacewalk27-client
 |-- oraclelinux7-x86_64-uek-r4
Note

Software channels other than the base and patch software channels do not have to be associated with ULN.

On the Oracle Linux yum server, if the base channel for an update release is synchronized with the _latest channel, a configuration similar to the following is obtained:

oraclelinux7-u4-x86_64-base
 |-- oraclelinux7-u4-x86_64-addons
 |-- oraclelinux7-u4-x86_64-ksplice
 |-- oraclelinux7-u4-x86_64-optional
 |-- oraclelinux7-u4-x86_64-patch
 |-- oraclelinux7-u4-x86_64-spacewalk27-client
 |-- oraclelinux7-u4-x86_64-uek-r4

2.5.1 Using the Oracle Linux Manager Web Interface

Figure 2.2 Software Channel Management Page

Go to Channels and select Manage Software Channels:

  • To create a software channel:

    1. Click + Create Channel.

    2. On the Create Software Channel page, enter channel settings in the following fields, which are the most important for the initial configuration of a channel:

      Channel Name

      Descriptive short name for the channel, for example, Oracle Linux 8 (x86_64) Base.

      Channel Label

      Unique label for the channel that is used by the software, for example, oraclelinux8-x86_64.

      Note

      Channel labels must be unique across the entire Oracle Linux Manager installation. If you have multiple child channels that use the same upstream repository, for example, if you have multiple parents, then each child channel must have its own unique label. A recommended practice is to specify the update level for each hierarchy in the label, such as oraclelinux8-u1-x86_64.

      Parent Channel

      Channel of which the channel you are configuring is a child. If this is a base channel, select None.

      Architecture

      Architecture of the systems the channel serves. If necessary, select the architecture from the pull-down list. For i386 repositories, the option is IA-32.

      Yum Repository Checksum Type

      For Oracle Linux, select sha256.

      Channel Summary

      Short, descriptive summary of the channel, for example the channel name.

      This field cannot be left blank.

      Channel Description

      Long description of the channel or leave the field blank.

      GPG key URL

      URL of the local GPG key. For Oracle Linux, the URL is file:///etc/pki/rpm-gpg/RPM-GPG-KEY.

      The key must be stored locally. Thus, for third-party repositories, you must import the GPG key into the local file system and deploy it by using provisioning or another method that is appropriate for your site.

      GPG key ID , GPG key Fingerprint

      Key ID and fingerprint for the Oracle Linux release.

      Consult the following table:

      Release

      Key ID

      Key Fingerprint

      Oracle Linux 7

      EC551F03

      4214 4123 FECF C55B 9086 313D 72F9 7B74 EC55 1F03

      Oracle Linux 8

      AD986DA3

      76FD 3DB1 3AB6 7410 B89D B10E 8256 2EA9 AD98 6DA3

      Oracle Linux 9

      8D8B756F

      3E6D 826D 3FBA B389 C2F3 8E34 BC4D 06A0 8D8B 756F

    3. Click Create Channel.

  • To associate a software channel with a repository:

    1. Select the channel that you want to associate with a repository.

    2. On the Basic Channel Details page, select Repositories, select the check box of the repository, and click Update Repositories.

  • To view a software channel, select its entry to display its details.

    Alternatively, go to Channels, select Software Channels and click a channel name to view its details. You can also select a specific channel and click Show All Child Channels to display its child channels.

  • To modify a software channel:

    1. Select the channel that you want to edit.

    2. On the Basic Channel Details page, modify the channel settings and click Update Channel to save your changes.

      Note

      You cannot change the channel label after you have created the channel.

  • To delete a software channel:

    1. Select the channel that you want to delete.

    2. On the Basic Channel Details page, click delete software channel and then click Delete Channel to confirm.

2.5.2 Using the softwarechannel_create Command

Create a software channel by using the following interactive command:

softwarechannel_create

In the interactive mode, manual input of specific information is required, as shown in bold in the following example:

spacecmd {SSM:0}> softwarechannel_create
Channel Name: Ksplice for Oracle Linux 7
Channel Label: oraclelinux7-x86_64-ksplice
Base Channels
-------------
oraclelinux7-x86_64
oraclelinux8-x86_64

Select Parent [blank to create a base channel]: oraclelinux7-x86_64

Architecture
------------
i386-sun-solaris
ia32
ia64
ppc
sparc-sun-solaris
x86_64

Select: x86_64

Checksum type
------------
sha256
sha384
sha512

Select: sha256

GPG URL
------------

GPG URL: file:///etc/pki/rpm-gpg/RPM-GPG-KEY

GPG ID
------------

GPG ID: EC551F03

GPG Fingerprint
---------------

GPG Fingerprint: 4214 4123 FECF C55B 9086 313D 72F9 7B74 EC55 1F03

To associate a software channel with a repository, use the softwarechannel_addrepo command, as shown in the following example:

spacecmd {SSM:0}> softwarechannel_addrepo ksplice-ol7-x86_64 "Ksplice for Oracle Linux 7"

To list all software channels, use the softwarechannel_list command.

spacecmd {SSM:0}> softwarechannel_list oraclelinux7*

To list all base (parent) software channels, use the softwarechannel_listbasechannels command.

spacecmd {SSM:0}> softwarechannel_listbasechannels

To list the children of a base software channel, use the softwarechannel_listchildchannels command.

spacecmd {SSM:0}> softwarechannel_listchildchannels base-channel

To list the systems that subscribe to a software channel, use the softwarechannel_listsystems command:

spacecmd {SSM:0}> softwarechannel_listsystems base-channel

To display the details of a software channel, use the softwarechannel_details command.

spacecmd {SSM:0}> softwarechannel_details channel-name

The following output is displayed:

The following example shows how to list the details of the ol8_x86_64_baseos_latest channel:

spacecmd {SSM:0}> softwarechannel_details ol8_x86_64_baseos_latest
Label:              ol8_x86_64_baseos_latest
Name:               Oracle Linux 8 (x86_64)
Architecture:       x86_64
Parent:             
Systems Subscribed: 0
Number of Packages: 0

Summary
-------
Oracle Linux 8 (x86_64)

GPG Key:            AD986DA3
GPG Fingerprint:    76FD 3DB1 3AB6 7410 B89D B10E 8256 2EA9 AD98 6DA3
GPG URL:            file:///etc/pki/rpm-gpg/RPM-GPG-KEY

Repos
-----
Oracle Linux 8 x86_64 BaseOS Latest

To delete a software channel, use the softwarechannel_delete command. Ensure that you confirm the command as prompted.

spacecmd {SSM:0}> softwarechannel_delete channel-name

2.6 Synchronizing Software Channels

After you have configured the software channels and the associated repositories, synchronize the software, either by performing an immediate manual synchronization or by scheduling a recurring synchronization job.

At a minimum, Oracle recommends that you update the Oracle Linux latest channels daily.

The initial synchronization of the Oracle Linux channels can take several days to complete. Oracle recommends that you perform an initial manual synchronization to populate the channels, and then configure a recurring job to keep them updated.

2.6.1 Memory Considerations When Building Repositories

When building repository metadata, Oracle Linux Manager can fail with insufficient memory issues. This failure is caused by the default Java memory settings for the Taskomatic daemon, which are set to 512 MB of minimum RAM and 1024 MB of maximum RAM. These settings are defined in the global Oracle Linux Manager configuration file /etc/rhn/rhn.conf.

If this type of failure occurs, increase the maximum memory to 4096 MB by setting the following property in the configuration file:

taskomatic.java.maxmemory=4096

However, to assign a value greater than 4096 MB, follow these steps:

  1. Disable the automatic memory property settings.

  2. Manually add the minimum and maximum Java memory values (-Xms and -Xmx, respectively) to the taskomatic.java.additional.1 and taskomatic.java.additional.2 properties.

    The configuration file would resemble the following example:

    taskomatic.java.initmemory=0
    taskomatic.java.maxmemory=0
    taskomatic.java.additional.1=-Xms1024m
    taskomatic.java.additional.2=-Xmx8192m

Similar memory issues can also occur in the web interface if you have big data sets, such as a large number of servers or packages. To resolve these issues, increase the Tomcat memory limits in the /etc/sysconfig/tomcat file. Specifically, edit the JAVA_OPTS environment variable and increase -Xmx, which is the parameter for the maximum amount of memory.

For example, -Xmx1024m increases the maximum size of the heap to 1 GB.

After making changes to the memory settings, restart the Oracle Linux Manager services.

sudo /usr/sbin/spacewalk-service restart

2.6.2 Using the Oracle Linux Manager Web Interface

Figure 2.3 Channel Repositories Page

To synchronize software channels:

  1. Go to Channels, select Manage Software Channels and then select the required channel.

  2. On the Channel Details page, select Repositories.

  3. On the Channel Repositories page, select the Sync tab.

    1. Select the following check boxes as required:

      Do not sync errata

      Select if you do not want to synchronize any errata that are available for the channel.

      Sync only latest packages

      Select if you want to synchronizes only the latest packages from the repositories.

      Caution

      DO NOT select this check box when synchronizing module-enabled channels such as ol8_AppStream. The mechanism that underlies this option is not module-aware and if used, will skip required packages.

      Create kickstartable tree

      Select if you want to associate a kickstart profile with the channel.

      However, note that ULN and the Oracle Linux yum server do not host the boot image files that you require to create a kickstartable tree. Instead, you can obtain the files from a Oracle Linux Media Pack DVD image and make them available on a local file system. See Chapter 4, Provisioning Client Systems.

      Terminate upon any error

      Select to stop synchronization if an error occurs.

    2. Synchronize the software channel:

      • To perform an immediate manual synchronization, click Sync Now.

      • To schedule a recurring synchronization job, select the preferred schedule and times, and then click Schedule.

        You can specify a schedule by using Quartz format. For example, 0 30 22 ? * *, would specify that Oracle Linux Manager should resynchronize the channel every day at 10:30 PM. Using Quartz format is the only way to schedule a synchronization several times a day. For example, 0 0 0,2,22 ? * *, would specify that synchronization should take place at 10 PM, midnight, and 2 AM. For more information, see http://www.quartz-scheduler.org/overview/.

2.6.3 Using the softwarechannel_syncrepos Command

The softwarechannel_syncrepos command is used within a spacecmd session as follows:

spacecmd {SSM:0}> softwarechannel_syncrepos oraclelinux7-x86_64-ksplice
Caution

DO NOT use the --latest option when synchronizing module-enabled channels such as ol8_AppStream. The mechanism that underlies this option is not module-aware and if used, will skip required packages.

Note that the command returns immediately and does not show the status of the synchronization.

Use the tail -f command to view the log file, /var/logs/rhn/reposync/channel_label.log.

To set up a schedule for channel synchronization, use the softwarechannel_setsyncschedule command, for example:

spacecmd {SSM:0}> softwarechannel_setsyncschedule oraclelinux7-x86_64-ksplice 0 30 2 ? * *

The previous command configures the oraclelinux7-x86_64-ksplice channel to be resynchronized once every day at 2:30 AM. Specify the schedule in Quartz format. For more information, see http://www.quartz-scheduler.org/overview/.

To list scheduled channel synchronizations, use the softwarechannel_listsyncschedule.

spacecmd {SSM:0}> softwarechannel_listsyncschedule

To remove a scheduled channel synchronization, use the softwarechannel_removesyncschedule command, for example:

spacecmd {SSM:0}> softwarechannel_removesyncschedule oraclelinux7-x86_64-uek-r3
Caution

DO NOT use the --latest option when synchronizing module-enabled channels such as ol8_AppStream. The mechanism that underlies this option is not module-aware and if used, will skip required packages.

2.6.4 Using the spacewalk-repo-sync Command

The spacewalk-repo-sync command is issued outside of a spacecmd session.

The command can be run manually or in a cron job. If you run the command in a cron job, include the -q or --quiet options to prevent large email messages from being sent to root.

To display the channel label and the URL of the repository, use the spacewalk-repo-sync -l together with grep.

sudo spacewalk-repo-sync -l | grep repo-keyword

This example applies to the Ksplice repository.

sudo spacewalk-repo-sync -l | grep ksplice
ksplice-ol7-x86_64 | uln:///ol7_x86_64_ksplice
ksplice-ol6-i386 | uln:///ol6_i386_ksplice
ksplice-ol6-x86_64 | uln:///ol6_x86_64_ksplice

This example applies to the addons repository:

sudo spacewalk-repo-sync -l | grep addons
oraclelinux7-x86_64-addons | https://yum.oracle.com/repo/OracleLinux/OL7/addons/x86_64/
ol8_x86_64_addons          | https://yum.oracle.com/repo/OracleLinux/OL8/addons/x86_64/

To synchronize a channel with either a Yum or a ULN repository, use the -c option.

sudo spacwalk-repo-sync -c channel

For the Ksplice channel, you would type:

sudo spacewalk-repo-sync -c ol7_x86_64_ksplice

To synchronize a parent channel and all of its children in one operation, Use the -p option.

For the Oracle Linux 7 x86_64 base channel, you would type:

sudo spacewalk-repo-sync -p oraclelinux7-x86_64 [--latest]

If you include --latest, the server synchronizes only the latest packages that are available:

The --latest option downloads the latest packages that are available at the time of synchronization. Running the command does not remove older packages from the channel. If the time interval between synchronizations is large, you might miss a particular version of a package, which can have implications for errata handling because errata are associated with specific package versions. If errata consistency is important to you, Oracle recommends that you do not use --latest, except when synchornizing a Ksplice channel, where packages are always cumulative.

Caution

DO NOT use the --latest option when synchronizing module-enabled channels such as ol8_AppStream. The mechanism that underlies this option is not module-aware and if used, will skip required packages.

For more information, see the spacewalk-repo-sync(8) manual page.

To reduce the overall space consumed by Ksplice Offline packages, Oracle strongly recommends using repository filters to limit downloaded packages to only those required by your client systems. You can apply a filter either on the Repository configuration in the Manage Repositories page in the web UI or by providing the -i or --include parameter with the spacewalk-repo-sync command line, for example:

sudo spacewalk-repo-sync --channel ol6_x86_64_ksplice -t uln -i uptrack-updates-installed kernel base version,...

2.7 Cloning Software Channels

Clone a software channel to capture the state of its packages and errata at a given point. Cloned channels are useful for providing a stable reference base when developing and testing server systems before deployment. Cloning channels are not recommended for deployed systems, as they might be exposed to security vulnerabilities. When a channel with defined modules and streams is cloned, the software clones the modules.yaml file and thus ensures that the clone channel's file matches the state of the channel at the point of cloning.

2.7.1 Using the Oracle Linux Manager Web Interface

Use the web interface especially to clone one channel at a time.

Figure 2.4 Clone Channel Page

Clone a software channel as follows:

  1. Go to Channels and select Manage Software Channels.

  2. Click Clone Channel.

  3. On the Clone Channel page, select the source channel that you want to clone from the pull-down menu, and select the clone type:

    Current state of the channel (all errata)

    The cloned channel includes all packages and errata from the source channel.

    Original state of the channel (no errata)

    The cloned channel includes all of the packages that were originally in the source channel, but no associated errata.

    Select errata

    The cloned channel includes all of the packages that were originally in the source channel and any errata that you select. Selecting all errata is equivalent to cloning the current state of the channel. Selecting no errata is equivalent to cloning the original state of the channel.

  4. Click Clone Channel.

  5. On the Edit Software Channel page, you can change the channel details. The default label is the source channel label prefixed with clone-.

  6. Click Clone Channel again.

  7. If you specified Select errata as the clone type, the Clone Errata page displays the available errata.

    The following choices are available for each erratum:

    • Merge it with the source erratum.

      This defaultt option means that the source erratum is used instead of creating a cloned copy.

    • Use it to create a separate cloned erratum.

    • Exclude the erratum.

    Click Clone Errata when you have finished cloning errata.

  8. On the Details page for the channel, you can also edit the channel details other than the channel label.

    If you select the Errata tab, you can add errata from other channels or clone errata from the source channel.

    If you select the Packages tab, you can add or remove packages from the channel.

2.7.2 Using the softwarechannel_clone Command

In a spacecmd session, the softwarechannel_clone command clones a base channel and all of its child channels at the same time. Use the command as follows:

spacecmd {SSM:0}> softwarechannel_clone -s ol8u1-x86_64 -x "s/$/-clone/" -o
spacecmd {SSM:0}> softwarechannel_details ol8u1-x86_64-clone

The -x option appends -clone to the new channel's name and label. The -o option excludes all errata from the cloned channel.

To compare the differences between the package contents of two channels, use the softwarechannel_diff command as follows:

spacecmd {SSM:0}> softwarechannel_diff ol8u1-x86_64-clone ol8u1-x86_64

To clone a base channel and all of its child channels, use the softwarechannel_clonetree command as follows:

spacecmd {SSM:0}> softwarechannel_clonetree -s ol8u1-x86_64 -p "clone-"

2.7.3 Using the spacewalk-clone-by-date Command

You use the spacewalk-clone-by-date command to clone Oracle Linux channels for a given date, which preserves the state of the channel's errata and their associated packages from its original release up to and including that date. If required, you can blocklist or remove packages, and choose which types of errata to include or exclude. The command likewise clones a base channel and all of its child channels at the same time.

The command is used outtside of a spacecmd session.

For example, the following command clones only security errata from the ol7-x86_64-latest channel up to November 30, 2019 to ol7-x86_64-latest-sec-20191130:

sudo spacewalk-clone-by-date --username=swadmin --password=swpasswd --to_date=2019-11-30 --channels=ol7-x86_64-latest ol7-x86_64-latest-sec-20191130 --security_only --background --assumeyes 

The command runs uninterrupted in the background. The specified spacewalk user must have Organizational Administrator or Channel Administrator privileges.

The following example clones both a base channel and a patch child channel up to November 30, 2019, excluding all versions of the ntp package and packages that start with fuse:

sudo spacewalk-clone-by-date --username=swadmin --password=swpasswd --channels=ol7-x86_64-base ol7-x86_64-base-2019113 --channels=ol7-x86_64-patch ol7-x86_64-patch-2019113 --to_date=2019-11-30 --blacklist=ntp,fuse*

You can run spacewalk-clone-by-date remotely by using the -s option to specify the Oracle Linux Manager server's URL for XML/RPC API connections, for example -s https://olmsvr_FQDN/rpc/api.

A common use case is to run spacewalk-clone-by-date at regular intervals to keep cloned channels up to date. To generate a sample configuration file, use the following command:

sudo spacewalk-clone-by-date --sample-config

For more information, see the spacewalk-clone-by-date(8) manual page.

2.8 Adding Packages to Channels With Defined Modules

Note

This functionality can only be performed by using the web interface. No command line equivalent exists.

Adding packages to modularized channels can currently be performed only by using the web interface. In this process, the software updates the target channel's modules.yaml file with the modules:streams that correspond to the packages that are being added.

Additionally, if packages are listed in each module:stream that are not present in the target channel, then these packages are also automatically added to the target channel. Note however, that package dependencies are not included in this automatic addition.

Source channels and the target channels must already be modular, which means that these channels must have existing modules.yaml files, because the software does not create modules.yaml by default.

  1. Go to Channels and select Manage Software Channels.

  2. Select the modularized channel, for example, the Applications Stream channel.

  3. Click the Packages tab and then select Add Packages.

  4. From the displayed list, select the packages you want to add.

  5. Select Add Packages and then confirm the action.

    At the end of the process, a summary of the packages that were successfully added is displayed. The list includes both the packages you manually selected and other required packages that were automatically added.

2.9 Managing Channel Life Cycles

The spacewalk-manage-channel-lifecycle command enables you to manage channel life cycles. It supports archiving and performing roll-backs. and is also designed for repetitive use. Thus, it is a preferred command compared to the the spacewalk-clone-by-date command described in Section 2.7.3, “Using the spacewalk-clone-by-date Command”.

The following examples explain the processes that occur when you initialize, promote, archive, or perform roll backs of channels.

  • Create a development channel dev-ol7-x86_64-appsvr based on the latest available packages in ol7-x86_64-appsvr.

    sudo spacewalk-manage-channel-lifecycle -c ol7-x86_64-appsvr --init

    When you run this command on channels that have defined modules on channels, the source channel's modules.yaml file is copied to the newly initialized channel.

  • Promote the packages from the developoment channel to the test channel, or from the test channel to the production channel, as shown in the following two sample commands:

    sudo spacewalk-manage-channel-lifecycle -c dev-ol7-x86_64-appsvr --promote
    sudo spacewalk-manage-channel-lifecycle -c test-ol7-x86_64-appsvr --promote

    In cases where a channel has modules and streams defined, modulemd stanzas from the modules.yaml file in the source channel are copied to the modules.yaml file in the target channel. However, if you use the --clear option when promoting a channel, then source channel's modules.yaml overwrites the same file in the target channel.

  • Save the state of a channel by creating an archive channel called archive-date-channel.

    sudo spacewalk-manage-channel-lifecycle -c prod-ol7-x86_64-appsvr --archive

    For channels with defined modules, the modules.yaml file is copied from the specified channel to the new archive channel.

  • Restore the state of an archived channel by performing a roll back.

    sudo spacewalk-manage-channel-lifecycle -c archive-20191130-test-ol7-x86_64-appsvr --rollback

    In cases where a channel has defined modules, the modules.yaml file is copied from the archive channel to the target channel.

    To list channels, use the -l option.

    sudo spacewalk-manage-channel-lifecycle -l

In the management of life cycles of modularized channels, you might need to increase the XMLRPC API timeout setting due to the intense processes involing the modules.yaml file. Follow these steps:

Note

The configuration options might not be present in the following files. If they do not exist, then manually add them with the recommended settings.

  • In /etc/httpd/conf/httpd.conf, set a new directive for Timeout, for example:

    Timeout 500
  • In /var/lib/tomcat6/webapps/rhn/WEB-INF/web.xml, increase Tomcat's session_timeout field, for example:

    <session-config>
      <session-timeout>90</session-timeout>
    </session-config>
  • In /etc/httpd/conf.d/zz-spacewalk-www.conf, revise the AJP timeout, for example:

    ProxyTimeout 1800

After making these changes, restart Oracle Linux Manager services.

sudo /usr/sbin/spacewalk-service start