1 About Oracle Linux Manager

A central task for IT administrators is to provision systems and keep them up to date with the latest patches and operating system updates. If the security policy at your site mandates errata as critical, it is crucially important to conduct regular testing and apply patches to reduce the risk of systems compromise or data exposure. As data centers expand, administrators are required to manage even greater numbers of physical servers and virtual machines. As a result, automation becomes a necessity for efficient and cost-effective systems management. Oracle Linux Manager 2.10, based on the Spacewalk open source software, helps automate Oracle Linux systems management, thereby enabling you to control the system software life cycle, from initial installation, through maintenance, software configuration, upgrades, and eventual decommissioning.

Provisioning and maintaining large numbers of physical servers and virtual machines across large deployments that span departments and data centers is a challenging task. However, keeping Oracle Linux systems up to date with stable software configurations, the latest security errata, and consistent patch levels is critical to user productivity, as well as useful for managing day-to-day business operations.

This guide introduces you to the basic concepts of using Oracle Linux Manager to manage Oracle Linux systems. Beyond the scope of this guide are additional efficiencies that can result from implementing Oracle Linux Manager.

For example, you can use Oracle Linux Manager to do the following:

• Run automatic OpenSCAP audits against industry-standard security checklists and evaluation profiles.

• Use the Spacewalk API, which offers powerful and extensive interfaces for high-level scripting, to provide a sophisticated and comprehensive way to automate advanced management tasks.

Oracle Linux Manager provides an effective set of tools for managing the Oracle Linux software life cycle in small or large deployments. Oracle Linux Manager also helps you automate a kickstart installation, system configuration, and maintenance tasks, which enables you to rapidly deploy proven and consistent software configurations for Oracle Linux systems.

As illustrated in the following figure, during the typical life cycle of a system, you can use Oracle Linux Manager to simplify several system management tasks, such as installing bare metal systems and virtual guests, applying patches and software updates, configuring software, and auditing system security.

Figure 1-1 Life Cycle of a System

You can administer and perform most Oracle Linux Manager operations by using either a web interface or the spacecmd command. Oracle Linux Manager also features an extensive and powerful XML/RPC-based API that you can use with a high-level scripting language such as Python.

Oracle Linux Premier Support and Oracle Linux Basic Support contracts provide support for Oracle Linux Manager and include a limited-use license for Oracle Database Enterprise Edition for use with Oracle Linux Manager. You can use Oracle Linux Manager to automate the management of Oracle Linux 6, Oracle Linux 7, and Oracle Linux 8 systems. When deployed on Oracle Linux, Oracle Linux Manager can additionally manage other Linux releases, such as CentOS, Debian, Fedora, and SLES. However, note that Oracle does not support Oracle Linux Manager for management of these systems.

Oracle Linux Manager provides automated management capabilities at no additional cost. Oracle support for Oracle Linux Manager is especially valuable when transitioning to Oracle Linux, for those who are already familiar with Red Hat Satellite 5 releases or SUSE Manager. However, your IT organization might prefer to implement Oracle Enterprise Manager instead because it provides a comprehensive management solution that extends beyond the management of purely Linux-derived systems. The Oracle Enterprise Manager product family supports the management of the entire Oracle software stack, including hardware, hypervisors, operating systems and Oracle Database, Oracle middleware, and Oracle software applications. For more information, visit the Oracle Enterprise Manager product page at https://www.oracle.com/enterprise-manager/.

Overview of Oracle Linux Manager Architecture

The following figure depicts an internal, three-tiered Oracle Linux Manager server architecture.

Figure 1-2 Overview of the Internal Three-Tiered Oracle Linux Manager Server Architecture

The server architecture includes the following three tiers:

• Data tier: Contains the database and Taskomatic. Oracle Linux Manager uses the Taskomatic daemon to perform asynchronous scheduled tasks, such as resynchronizing software channels, applying software and configuration updates to clients, and notifying you when new errata become available.

• Logic tier: Contains the Apache and Tomcat web servers, which process data for use by the presentation tier.

• Presentation tier: Contains the back-end and front-end XML/RPC APIs, which provide programming interfaces for the command-line client utilities and other XML/RPC clients, and the web interface, which can be accessed by using a web browser.

Oracle Linux Manager uses a distributed client-server architecture, in which registered client systems subscribe to the software channels that an Oracle Linux Manager server hosts. You can distribute server functionality across as many systems as are required to meet your organization's needs. This capability is especially useful for organizations that are distributed across several geographical regions.

For example, a simple deployment might have a single primary server to serve a pool of client systems, along with a proxy server to offload processing from the primary so that you can support more client systems. In larger deployments, you can configure multiple Oracle Linux Manager primary servers and proxy servers to improve provisioning and software download speeds. In a distributed configuration, clients are likely to have higher network bandwidth access to servers that are within close proximity.

Because Oracle Linux Manager architecture is flexible and scalable, many different deployment configurations are feasible. The following scenarios, which are also illustrated in Figure 1-3, are possible:

• Simple deployment with a single Oracle Linux Manager server that has several clients.

• More complex deployment with one Oracle Linux Manager server and two Oracle Linux Manager proxies, where each proxy has several clients.

• Deployment with two Oracle Linux Manager servers, each at different sites, where the server at one site acts as the primary server, while the server at the other site acts as a secondary or worker server. Inter-Server Synchronization (ISS) is used to manage channel content, channel permissions, and organizational trust settings between the two servers.

Figure 1-3 Deployment Configurations for Oracle Linux Manager

Oracle consultants can help your organization design an optimal Oracle Linux Manager solution, especially if you need to manage a large, geographically dispersed environment of client systems and servers.

You register client systems, whether physical servers or virtual guests, with a Oracle Linux Manager Server Proxy so that they can be subscribed to software channels. The clients can then obtain packages from Oracle Linux Manager server. You can also use Oracle Linux Manager with kickstart to automate an Oracle Linux installation by using software packages from a network installation server. If you use Oracle Linux Manager with kickstart to provision new client systems, you can configure Oracle Linux Manager server to automatically register these client systems. A new client system is automatically registered as an Oracle Linux Manager client if you associate an activation key with its kickstart profile and configure kickstart to install Oracle Linux Manager Client software on the system.

You can use Oracle Linux Manager to administer a registered kickstarted system immediately, which simplifies subsequent patching, configuration management, and security auditing. You can also register previously installed legacy systems with an Oracle Linux Manager server to bring these systems under Oracle Linux Manager's control.

Oracle Linux Manager Concepts

This chapter describes some basic Oracle Linux Manager concepts. For more information about these concepts, as well as step-by-step instructions and examples, see the Oracle^® Linux Manager & Spacewalk for Oracle^® Linux Documentation.

Activation Key

Tag that you can associate with a given server configuration, such as a database server on an Oracle Linux 7 (x86_64) system. When a client system registers with an Oracle Linux Manager server, it specifies an activation key to select the characteristics that are bound to that key such as to which software channels the client should be subscribed. You can also use activation keys to trigger Oracle Linux Manager to install specific packages and deploy a specialized configuration upon registration.

Software Channel

Subscribed to by Oracle Linux Manager client systems to obtain software packages and errata. A base or parent channel provides packages for a specific Oracle Linux release and architecture. This channel can have a number of child channels that provide additional packages.

Note:

Oracle also uses the term channel to refer to the software distribution channels that the Unbreakable Linux Network (ULN) provides. A channel is the subscription mechanism by which clients can obtain software packages, patches, and updates.

You do not necessarily need to associate an upstream repository with a software channel. For example, you might want to instead add custom-built, local packages and errata by using the web interface or by using the rhnpush command.

Entitlement

Enables additional functionality that is supported by Oracle Linux Manager. Note that starting with Spacewalk 2.6, most entitlements were removed. The only entitlement that is currently supported is the Virtualization entitlement, which installs additional packages on the target host so that Oracle Linux Manager is able to manage virtual guests on that host.

System Group

Enables you to simultaneously perform system management operations on multiple client systems that are organized into groups. A client system can be a member of more than one group. Typically, the member systems of a group are of the same Oracle Linux release, system architecture, and a kickstart profile. You can also group systems by function (for example, web, application, or database servers), by physical location, or by responsible administrator.

Organization

Provides a useful way to tier or segment your Oracle Linux Manager implementation. By defining multiple organizations, you can establish management entities that correspond to different corporate divisions or administrative groups. Organizations provide a way to logically delegate system management responsibilities and allocate entitlements. Depending on organizational trust relationships, organizations can also share system and software entitlements.

Repository

Used for provisioning packages for software channels. Oracle Linux Manager usually provisions packages for software channels by using repositories from an upstream source. For Oracle Linux, you can use the repositories that are provided by either the Oracle Linux yum server at https://yum.oracle.com or ULN at https://linux.oracle.com.

Some repository content, such as update-level, specific patch and Ksplice packages, is available from ULN but not from the Oracle Linux yum server. Oracle Linux Manager provides a ULN plug-in that enables it to synchronize Oracle Linux Manager repositories with ULN without needing to register Oracle Linux Manager server directly with ULN. Unless you are an experienced Oracle Linux Manager administrator, Oracle recommends that you associate only one repository with each channel to obtain upstream packages. Otherwise, the channel attempts to pull packages from multiple sources.

Note:

Ksplice Offline packages are available from ULN as part of an Oracle Linux Premier Support contract. For more information, see Oracle Linux: Ksplice User's Guide .