The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

Chapter 3 Configuring Inter-Server Synchronization for Spacewalk Servers

You can configure ISS to synchronize channel content, channel permissions, and organizational trust settings between Spacewalk servers. The configuration of local non-content settings for users and organizations is not affected. One Spacewalk server acts as a primary server to provide content to any number of worker Spacewalk servers.

Typical use cases include the following:

  • Content on the worker servers is regularly synchronized with the primary server to obtain the latest maintenance releases.

  • Content is developed and tested on the primary server before distribution to the worker servers.

  • worker servers have local content that is additional to that synchronized from the primary server.

You can configure primary servers that are themselves workers of a higher-level primary Spacewalk server. The usual ISS topology is a tree-like hierarchy, where there is one top-level primary server and each worker has only one primary server, rather than a directed graph, where there might be several top-level primary servers and each worker can have more than one primary. If a worker has more than one primary server, you can designate one to be the default primary server with which the worker synchronizes.

You can use the spacewalk-sync-setup command to set up the relationships between primary and worker Spacewalk servers, or you can use the Spacewalk web interface to configure each server independently.

3.1 Enabling or Disabling Worker Synchronization Support for a Spacewalk Server

By default, a Spacewalk server is configured so that it can act as a primary server. Any worker servers that you configure for the primary server will be able to synchronize from it. The following steps are not usually necessary unless you want to disable this feature on a Spacewalk server that acts only as a worker server.

Enable or disable support for worker synchronization on a Spacewalk server as follows:

  1. To disable ISS support, edit /etc/rhn/rhn.conf and set the value of disable_iss to 1: 

    disable_iss=1

    To enable ISS support, edit /etc/rhn/rhn.conf and set the value of disable_iss to 0: 

    disable_iss=0

  2. Restart the httpd service.

    For Oracle Linux 6, type the following command: 

    # service httpd restart

    For Oracle Linux 7, type the following command: 

    # systemctl restart httpd

3.2 Configuring Primary and Worker Spacewalk Servers With the spacewalk-sync-setup Command

Note

Before you can configure ISS, Spacewalk must be installed and running on both the primary and worker servers.

The spacewalk-sync-setup command is available in the spacewalk-utils package.

On either of the Spacewalk servers, run the spacewalk-sync-setup command. 

# spacewalk-sync-setup --apply --create-templates \
  --ms=primary_swksvr_FQDN --ml=primary_swadm --mp=primary_swadm_passwd \
  --ss=worker_swksvr_FQDN --sl=worker_swadm --sp=worker_swadm_passwd

where primary_swksvr_FQDN is the fully qualified domain name of the Spacewalk server that will act as the primary server and the primary_swadm and primary_swadm_passwd values specify the Spacewalk administrator's user name and password for that server.

The worker_swksvr_FQDN value is the fully qualified domain name of the Spacewalk server that will act as the worker server and the worker_swadm and worker_swadm_passwd values specify the Spacewalk administrator's user name and password for that server.

The following is the typical output that is displayed when running this command: 

# spacewalk-sync-setup --apply --create-templates \
  --ms=swksvr.mydom.com --ml=swadm --mp=swpass \
  --ss=swksvr2.mydom.com --sl=swadm2 --sp=swpass2 
INFO: Connecting to swadmin@swksvr.mydom.com
INFO: Connecting to swadmin@swksvr2.mydom.com
INFO: Generating master-setup file /root/.spacewalk-sync-setup/master.txt
INFO: Generating slave-setup file /root/.spacewalk-sync-setup/slave.txt
INFO: About to wget master CA cert: [wget -q -O 
/usr/share/rhn/swksvr.mydom.com_RHN-ORG-TRUSTED-SSL-CERT 
http://swksvr.mydom.com/pub/RHN-ORG-TRUSTED-SSL-CERT]
INFO: Applying master-setup /root/.spacewalk-sync-setup/master.txt
INFO: Applying slave-setup /root/.spacewalk-sync-setup/slave.txt

A copy of the primary server's CA certificate is stored on the worker as /usr/share/rhn/swksvr.mydom.com_RHN-ORG-TRUSTED-SSL-CERT.

You can then map local organizations on the worker server to organizations that the primary server exports. See Section 3.5, “Mapping a Local Organization to an Exported Organization by Using the Spacewalk Web Interface”.

3.3 Configuring a Primary Spacewalk Server by Using the Spacewalk Web Interface

Configure a primary Spacewalk server as follows:

  1. Go to Admin, select ISS Configuration, and then select the Master Setup tab.

  2. On the Known Slave Instances page, click + Add new slave.

  3. On the Edit Slave Details page, type the FQDN of the worker server and select or deselect the check boxes that configure worker and organization synchronization.

    For example, you might want to enable the worker to synchronize from the primary server, but not want to synchronize all organizations to the worker.

  4. Click Create.

    When the page refreshes, you are able to select which organizations can be exported. By default, no organizations are selected.

  5. Select the organizations that you want to enable to be exported to the worker, then click Allow Orgs.

3.4 Configuring a Worker Spacewalk Server by Using the Spacewalk Web Interface

Configure a worker Spacewalk server as follows:

  1. In a browser tab, navigate to http://primary_swksvr_FQDN/pub, where primary_swksvr_FQDN is the FQDN of the primary Spacewalk server, and download the CA certificate file RHN-ORG-TRUSTED-SSL-CERT as RHN-ORG-TRUSTED-SSL-CERT-MASTER.

    Alternatively, you can use the wget command as follows: 

    # wget -q -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT-MASTER \
  http://primary_swksvr_FQDN/pub/RHN-ORG-TRUSTED-SSL-CERT

  2. In the Spacewalk web interface, go to Admin, select ISS Configuration and then select the Slave Setup tab.

  3. On the Known Master Instances page, click + Add new master.

  4. On the Details for new Master page, type the FDQN of the primary server and the absolute path name of the primary server's CA certificate that you downloaded (RHN-ORG-TRUSTED-SSL-CERT-MASTER), then select whether the primary server will be the default one with which the worker synchronizes.

  5. Click Add new master.

    The page refreshes to display a Configure Master-to-Slave Org Mappings section that enables you to configure local names for the organizations that the primary server exports. When you synchronize content, access permissions that you have configured for channels on the primary server propagate to the worker server. You can choose which organizations, and any associated channel permissions, to map to a worker server.

    If necessary, create the local organizations to be mapped to the organizations that the primary server exports as follows:

    1. Go to Admin, select Organizations and click + create new organization.

    2. On the Create New Organization page, provide the details for the organization, including its name and the login details of its administrator.

      Note

      You must create a new user to act as the organization's administrator, as the Spacewalk administrator cannot perform this role.

    3. Click Create Organization.

    4. To return to the Configure Master-to-Slave Org Mappings section for the primary server instance, go to Admin, select ISS Configuration. Then, select the Slave Setup tab and click the name of the primary server instance.

  6. In the Configure Master-to-Slave Org Mappings section, select the local organizations that map to the organizations that the primary server exports.

  7. For each exported organization in the Master Org Name column, use the pull-down menu in the Matching Local Org column to select the local organization that should map to the export organization.

    If you do not want to import an organization, select NOT MAPPED.

  8. Click Update.

3.5 Mapping a Local Organization to an Exported Organization by Using the Spacewalk Web Interface

Map local organizations on a worker server to organizations exported by a primary server as follows:

  1. On the worker server, to view the organizations that a primary server exports, go to Admin, select ISS Configuration, select the Slave Setup tab, and click the name of the primary server instance.

  2. On the worker server, create the local organizations that you want to map to the organizations that the primary server exports.

    Create a local organization as follows:

    1. Go to Admin, select Organizations and click + create new organization.

    2. On the Create New Organization page, provide the details for the organization, including its name and the login details of its administrator.

      Note

      You must create a new user to act as the organization's administrator, as the Spacewalk administrator cannot perform this role.

    3. Click Create Organization.

    4. To return to the Configure Master-to-Slave Org Mappings section for the primary server instance, go to Admin, select ISS Configuration. Then, select the Slave Setup tab and click the name of the primary server instance.

  3. In the Configure Master-to-Slave Org Mappings section, select the local organizations that map to the organizations that the primary server exports.

    For each exported organization in the Master Org Name column, use the pull-down in the Matching Local Org column to select the local organization that should map to the export organization. If you do not want to import the organization, select NOT MAPPED.

  4. Click Update.

3.6 Synchronizing Software Channels on a Spacewalk Worker Server

You synchronize a software channel by running the satellite-sync command on the worker server as follows: 

# satellite-sync [--iss-parent=primary_swksvr_FQDN] [--orgid=N] -c channel_label

where channel_label specifies the label of the software channel to synchronize from the primary server.

The argument to the --orgid option specifies the ID of the organization on the worker into which the channel is synchronized. If not specified, the Spacewalk Default Organization with ID 1 is assumed.

The primary_swksvr_FQDN value specifies the FQDN of the primary Spacewalk server. If not specified, and the worker server has more than one primary server, the default primary server is assumed.

Output that is similar to the following is displayed when you perform an initial synchronization of a software channel on a worker server from the Spacewalk Default Organization on the default primary server: 

# satellite-sync -c oraclelinux6-x86_64-patch
16:16:52 Spacewalk - live synchronization
16:16:52    url: https://swksvr.mydom.com
16:16:52    debug/output level: 1
16:16:52    db:  c##spacewalk2/<password>@//odbsvr.mydom.com/company.mydom.com
16:16:52 
16:16:52 Retrieving / parsing orgs data
16:16:52 orgs data complete
16:16:52 
16:16:52 Retrieving / parsing channel-families data
16:16:52 channel-families data complete
16:16:52 
16:16:52 Retrieving / parsing product names data
16:16:52 product names data complete
16:16:52 
16:16:52 Retrieving / parsing arches data
16:16:53 arches data complete
16:16:53 
16:16:53 Retrieving / parsing additional arches data
16:16:53 additional arches data complete
16:16:53 
16:16:53 Retrieving / parsing channel data
16:16:54    p = previously imported/synced channel
16:16:54    . = channel not yet imported/synced
16:16:54    base-channels:
16:16:54         NONE RELEVANT                                 
16:16:54    oraclelinux6-x86_64:
16:16:54       . oraclelinux6-x86_64-patch    1367    full import from Fri Jul 10 13:02:52 2015
16:16:54 
16:16:54 Channel data complete
16:16:54 
16:16:54 Retrieving short package metadata (used for indexing)
16:16:54    Retrieving / parsing short package metadata: oraclelinux6-x86_64-patch (1367)
16:17:01 Diffing package metadata (what's missing locally?): oraclelinux6-x86_64-patch
            ________________________________________
Diffing:    ######################################## - complete
16:17:04 
16:17:04 Downloading package metadata
16:17:04    Retrieving / parsing *relevant* package metadata: oraclelinux6-x86_64-patch (1357)
16:17:04    * WARNING: this may be a slow process.
            ________________________________________
Downloading:######################################## - complete
16:42:30 
16:42:30 Downloading rpm packages
16:42:30    Fetching any missing RPMs: oraclelinux6-x86_64-patch (1357)
16:42:53    Total size: 5.31 GiB
16:47:53 Processing rpm packages complete
16:47:53 
16:47:53 Importing package metadata
16:47:53    Importing *relevant* package metadata: oraclelinux6-x86_64-patch (1357)
            ________________________________________
Importing:  ######################################## - complete
18:06:44 
18:06:44 Linking packages to channels
18:07:02 
18:07:02 Downloading errata data
18:07:02    Retrieving / parsing errata data: oraclelinux6-x86_64-patch (216)
            ________________________________________
Downloading:######################################## - complete
18:07:06 Downloading errata data complete
18:07:06 
18:07:06 Downloading kickstartable trees metadata
18:07:06    Retrieving / parsing kickstart data: oraclelinux6-x86_64-patch (NONE RELEVANT)
18:07:06 
18:07:06 Downloading kickstartable trees files
18:07:06    Retrieving / parsing kickstart tree files: oraclelinux6-x86_64-patch (NONE RELEVANT)
18:07:06 
18:07:06 Importing channel errata
18:07:13    Importing *relevant* errata: oraclelinux6-x86_64-patch (468)
            ________________________________________
Downloading:######################################## - complete
18:07:31    No new kickstartable tree to import
    Import complete:
        Begin time: Fri Jul 10 16:16:51 2015
        End time:   Fri Jul 10 18:07:31 2015
        Elapsed:    1 hours, 50 minutes, 40 seconds

Copyright © 2020, Oracle and/or its affiliates. Legal Notices