SUSE Manager/FAQ

From CoolSolutionsWiki

SUSE Manager Main Page

Contents

SUSE Manager - Frequently asked problems

How can you guarantee that SUSE Manager is in fact a drop-in replacement for RH Satellite Server?

QA is testing SUSE Manager against RHEL 5 and 6 clients, those currently supported by expanded support. The primary focus for our testsuite and for QA is patch and update management, we see this as the primary need for customers. Although SUSE Manager Server is build from the same sources as RH Satellite Server, it will not act as a drop-in replacement for legal and infrastructure reasons. SUSE Manager is not allowed to pull patches from Redhat Network upstream but will get them from the Novell Customer Center (NCC). SUSE Manager will be a drop-in replacement for RH Satellite Server for disconnected (no direct link to RHN or NCC) operations. However, functionality depending on Redhat Network upstream will not be available with SUSE Manager.

IPv6 support in SUSE Manager?

IPv6 should be mostly supported

  • SUSE Manager Server:
    • apache - yes
    • monitoring uses apache and a ssh connection. I think ssh is ipv6 ready.
    • oracle DB - oracle 10g does not support ipv6
    • jabberd - it seems that jabberd support IPv6, but needs some changes in the configuration file.
    • autoinstallation - bare metal installation via ipv6 should work install=...something ipv6...., I never tried that for autoyast=... but I expect it to work
    • virtualization - unknown
    • Client activation - unknown
  • SUSE Manager Proxy:
    • squid - NO (our squid is unable to react on IPv6) (other services same as on the server)

Subscription reports from SUSE Manager

Q: with SMT we have the ability to create a subscription report, that helps customers to see what activation codes to covers how many workloads and how many are left to be assigned. Customer would like to have this from SUSE Manager. Is this possible?
A: Currently not, would need some implementation. There was no time to add this.

Handling of timezones

Q: what happens if Server and Client are in different timezones? How is this handled? What do admins need to take care of?
A: (from QuickStart guide) The connection to the Web server via Secure Sockets Layer (SSL) requires correct timing of both server and clients.
For this reason, SUSE Manager server and all client systems must use NTP.
If SUSE Manager is used in conjunction with a stand-alone database, the machine of the separate database must be set to the same time zone as SUSE Manager.
I think I got how it works, by playing around with the timezone settings for the user. It seems that SUSE Manager stores all the date information in one timezone (I assume GMT) and calculates the dates/times in GUI by the user locale setting. Scheduling tasks is done in the user locale timezone.
By that approach we should not have any problems with clients being in different timezones, as the normalized timestamps in the DB and the re-calculation based on the user locale setting will make sure that if you schedule something, it will not run tasks on clients in different timezone at different times.

working with more than one disk in SUSE Manager

Q: we all know that SUSE Manager installation procedure does ask for which disk it should install, in case you have more than one installed on your system. But what is best practice for working with more than one disk. Are symbolic links fully supported to redirect to additional data disks, that are attached to the system? I'm asking cause a lot of customers are used to just hang in additional dists to /data01 /data02 etc. and then link into these folders.
A1: Well, this is the reason why we use LVM. :-) We never tried if e.g creating a symlink from /var to /data1 would work.
A2: I always found that to be troublesome and used bind mounts instead. FWIW, /var/spacewalk is a bind mount to my NFS server where I also store all the SMT, Studio, SLMS related RPMs, and since I have all of that on *one* server, I can use fdupes to replace identical, but duplicate file with a hard link. Bind mounts are completely transparent to an application, so you don't have to expect any trouble.

Suse Manager and choice of Oracle database version and sizing recommendations

Q: Do we have any recommendations regarding the choice of remote database version to run together with Suse Manager. I know the included express version will only do for about 20 clients or so. Do we have any recommendations on the edition of 11g the customer needs to buy Standard Edition One (two sockets), Standard Edition(four sockets) or Enterprise version.
Why I am asking is the price of course it is quite a difference between the editions and it would be nice to know roughly. Lets say a customer has around 200 SLES/RHEL servers only x86 environment which edition would be needed and amount of processors for the db server ?
A: http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.4/html/Installation_Guide/s1-requirements-database.html
http://www.redhat.com/red_hat_network/faq/

How do I change the hostname of a Manager Server system ?

You don't. Changing the hostname is a delicate process and thus not supported.
However, if you insist on changing the hostname, do it on your own risk according to this using spacewalk-hostname-rename and also adapting /etc/jabberd/sm.xml and /etc/jabberd/c2s.xml manually.

How can I disable caching of channel metadata on a proxy?

When SUSE Manager pulls in new patches for its channels, there is a small window where proxy-connected clients still see the old metadata, since the proxy also caches them and will pull in the new ones only after some time. Since proxies are often used for load balancing, this makes a lot of sense as it minimizes the load on the server.

Some people however prefer updates to be available everywhere immediately. For such a scenario, the administrator needs to tell the proxy that it should not cache any repository metadata, but always retrieves them from the server. Since this can add substantial additional load and network traffic to the system, this is not enabled by default, but needs to be done by the administrator on a case-by-case basis. Keep in mind that for large repositories that never change, every single access will result in all the metadata to be fetched from the SUSE Manager server.

To disable caching of repository metadata, you want to edit the file /etc/squid/squid.conf on the proxy and change the following line:

refresh_pattern /XMLRPC/GET-REQ/.*/repodata/.*\.xml.*$ 0 1% 525960

to

refresh_pattern /XMLRPC/GET-REQ/.*/repodata/.*\.xml.*$ 0 0% 0


What exactly does USING_GPG=1 set as requirement?

Q: I would expect that it is installing RPMs in case gpg key is imported in rpmdb only. So having the repodata signed is not enough.

A: (AFAIK there is no option to tell rpm to reject those packages.)

It starts when creating the bootstrap script:

  • If the --no-gpg option is set when creating a bootstrap script (via GUI or rhn_bootstrap), a corporate public GPG key file (--gpg-key) would _not_ be copied to the public html tree (--pub-tree).
  • Whithin the bootstrap script USING_GPG=0 is set and the client-config-overrides.txt contains 'useGPG=0'
  • Running the bootstrap script on the client system , 'useGPG=0' from client-config-overrides is written to /etc/sysconfig/up2date.

That's all I can derive from reading the code. So changing the value in the bootstrap script has no effect. But it tells how the script was created and custom code could test for it.

Apart from the fact that the GPG key is intentionally not installed on the client, I do not know what impact 'useGPG=0' option /etc/sysconfig/up2date has. It probably affects RHEL systems only, as zypper does not refer to /etc/sysconfig/up2date. But I can't spot code actually evaluating this, neither in SMgr nor on my RHEL5 test machine. Maybe RHEL4 leagcy.

I lost the password of the admin account !

There are two command line tools available for managing the user accounts

satwho
satpasswd <username>

The first will list users, the 2nd can change the password of a user.

Why does syncing of channels work with direct spacewalk-repo-sync calls only?

Make sure that you did not only configure the proxy server for your environment while installing SUSE Manager, but also add the proxy server in the webinterface or directly in /etc/rhn/rhn.conf.

Why is the channel sync taking so much time?

Syncing a channel is a scheduled operation, so requests get queued for each repository of a channel. Then three operations happen

  1. Download of the metadata and the RPM packages
  2. Write all the information to the database. This parses the metadata as well as the RPM package headers.
  3. Create the new metadata in /var/cache/rhn/repodata/<channel-label>

The log file (/var/log/rhn/reposync/<repo-label>-<date>-<time>.log) says 'Completed' after the first two step already.

All this needs also a lot of database resources and might take a long time especially if the DB statistics are not correct and the SQL optimizer chooses a worse way to execute the SQL statements.

Tuning the disk I/O and adding more main memory can do wonders here.

How do I re-register SUSE Manager with NCC?

suse_register -a email=<email> -a regcode-sms=<regcode> -L /root/.suse_register.log

Where do I find answers for my database issues?

We have an own FAQ for our embedded databases: