Update Management and Compliance Monitoring with the Subscription Management Tool 11
2. Agenda
Introduction to Subscription Management Tool (SMT) 11
Installation and Basic Configuration
Managing SMT
Configuring Clients to Use SMT
Jobs and Client Status Monitoring
Staging
2 © Novell, Inc. All rights reserved.
3. Agenda (continued)
Compliance Monitoring with SMT Reports
Supportconfig Proxy
Mirroring Other Products/Repositories
Disconnected SMT Servers
Upgrading from SMT 1.0
Tips and Tricks
5. Why Do We Have SMT?
• Challenges:
– Every SUSE Linux Enterprise (SLE) 10/11 based machine connects to Novell Customer Center (NCC) for registration and download of updates
– Difficult to maintain security perimeter at the firewall
– Compliance monitoring is difficult
– Devices with no internet access require homemade update solutions
– Need to streamline updates for non-SLE components
6. Updating SUSE Linux Enterprise 10/11
[Diagram: Novell Customer Center, Customer Network]
7. Solution:
Subscription Management Tool
• Novell SLES 11 add-on to mirror all you need :
– SUSE Linux Enterprise Desktop and Server 10/11, SLES 9
– Open Enterprise Server 2
– SLE 10/11 SDK
– Other SLE based products (NLD, SLEPOS, VMDP++)
– Red Hat Enterprise servers 3.9, 4.7, 5.2
– Third-party repositories (custom, ati, vlc, nvidia etc.)
• Allows for more restrictive firewall policies
• Bandwidth optimization
• Reporting - compliance monitoring
• Fast and scalable
8. High-level Architecture
[Diagram: Subscription Management Tool, Novell Customer Center, Customer Network]
9. LAMP Architecture
[Diagram: Subscription Management Tool Server (Perl, Apache, MySQL), Novell Customer Center, Updates, Local servers; connection labels 443 and 443/80]
11. Requirements
• Active Maintenance Subscriptions
• SUSE Linux Enterprise Server (SLES) 11
• System requirements same as SLES
• Valid DNS host name such as smt.mycompany.com
• ~10 GB storage space per product and architecture
– More if also mirroring sources
13. Managing SMT
• YaST modules
– SMT server configuration (yast2 smt-server)
> Only used for initial and global configuration
» Reporting addressees
» Job schedules
– SMT server management (yast2 smt)
> Day-to-day management
» Repositories
» Staging
» Client status monitoring
14. Managing SMT (continued)
• SMT console commands
– Command syntax : smt subcommand
> Use smt-subcmd instead of smt subcommand
> man smt-subcommand / smt-subcommand -h
– Examples :
> smt-mirror -L /var/log/smt/smt-mirror.log -d
> smt-client -n sled
16. YaST SMT Module (continued)
Staging
17. YaST SMT Module (continued)
Clients
19. Registering Clients with SMT Server
• Registration process uses https
– SMT server CA needs to be installed onto clients
• /etc/suseRegister.conf needs to point to SMT server
• Setting up SUSE Linux Enterprise 10 SP2+ clients
– During installation :
> Advanced | Local registration server in NCC dialog (interactive install)
> regurl and regcert kernel parameters (interactive install)
> AutoYaST – add a section in AutoYaST profile (autoinstall) :
» suse_register (SLE 11) or customer_center (SLE 10)
– Post installation time :
> Run clientSetup4SMT.sh script to import SMT server CA, configure suse_register and perform the registration
20. Registering Clients (continued)
xsles11a:~ # zypper ls
# | Alias | Name | Enabled | Refresh | Type
--+--------------------------+--------------------------+---------+---------+------
1 | SMT-http_xsmt11a_nts_com | SMT-http_xsmt11a_nts_com | Yes | No | ris
2 | CD1 | CD1 | Yes | Yes | yast2
xsles11a:~ # zypper lr
# | Alias | Name | Enabled | Refresh
--+-----------------------------------------+----------------+---------+--------
1 | CD1 | CD1 | Yes | Yes
2 | SMT-http_xsmt11a_nts_com:SLES11-Extras | SLES11-Extras | No | Yes
3 | SMT-http_xsmt11a_nts_com:SLES11-Updates | SLES11-Updates | Yes | Yes
22. Reporting
• To assist in compliance monitoring SMT generates
weekly reports with info like
– Statistics of the registered machines and products used
– Active, expiring, or missing subscriptions
– Alerts if the number of registered machines and products
exceeds the number of purchased subscriptions
• Flexible configuration options like mail recipients of
reports, type of reports and attachments
• Can be in plain text, CSV, XML or PDF format
• On-demand reports
23. Reporting (continued)
t61srvsp2:~ # smt-report --local
Downloading Subscription information
Downloading Registration information
Subscription Report based on a local calculation
================================================
Alerts:
13 Machines use too many 'SUSE Linux Enterprise Server 10 / SUSE LINUX Enterprise
Server 9' subscriptions. please log in to the Novell Customer Center
(http://www.novell.com/center) and assign or purchase matching entitlements.
...
Footer
Generated on: t61srvsp2.nts.com
Site ID: 142723
SMT ID: 3aba20eea2884ea8a17c70e92bc323b3
25. Job Queue and Client Status
• Enables
– Patchstatus reporting
– Software update and pushing
– Execution of commands, reboot, eject
• Consists of server and client side components
– Server
> Jobs - defined in the SMT database with smt-job command
> Clients patch status reporting tools
» Clients tab in YaST SMT module
» smt-client command
– Client
> smt-client package (SUSE Linux Enterprise 11 only)
26. Job Queue and Client Status (continued)
• Client and SMT server communicate over SSL
• Management of client jobs is command-line based
• All clients get a persistent patch status job
assigned during registration
• Jobs
– Must be assigned to individual clients specifying their
GUID during creation
– Can be queried/modified/deleted after submission
– Can have dependency on other job
(parent/child relationship)
27. Job Queue and Client Status (continued)
• smt-job command
– Wealth of parameters to the command
> See man smt-job
• Example of update job creation
– # smt-job --create --type update --guid <client-guid>
– # smt-job -c -t update -g <client-guid>
28. Job Queue and Client Status (continued)
• smt-client command
– Examples
> smt-client
» Overview
> smt-client status -n sles11 -L /var/log/smt/smt-client.log
» Details on selected clients
• Keep in mind that Package Manager patches can hide security and other categories of patches
– The client cannot see the patches that will become applicable after the package manager update until the package manager itself has been updated
29. Job Queue and Client Status (continued)
xsmt11a:~ # smt-client
.------------------------------------------------------------------------------------------.
| GUID | Hostname | Patch Status | Patch Status Date |
+----------------------------------+-------------+-------------------+---------------------+
| 7a4df09998da498b8de8f769585daea0 | xres47a | Unknown | |
| 122b33b92f7f4b62a06404156e6719fe | xres52a | Unknown | |
| 9dedbca2c3df4c04946bbf3216053a29 | xsled11a | Up-to-date | 2010-01-29 09:52:35 |
| 623a1864464e4b57a1afe8504504114b | xsles10sp3a | Unknown | |
| 1559a785c49d4289a6a79c2646b15f14 | xsles11a | Critical | 2010-01-29 10:50:59 |
| 7e5d68f953e24d0599d9eb3163e441a7 | xsles11b | Unknown | |
| c92d8213d7394cb0b7476b55e746ec64 | xsles11f | Updates available | 2010-02-03 15:11:29 |
| d16b02e6c6a04d3f878063fd0b85aaf7 | xsmt11a | Up-to-date | 2010-02-03 12:02:07 |
'----------------------------------+-------------+-------------------+---------------------'
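Added example (not part of the original slides): a shell function that triages the smt-client table shown above into follow-up findings for compliance monitoring. The function names and the cutoff-date parameter are assumptions of this example; the sample rows are the ones from the slide.

```shell
#!/bin/sh
# Added example: triage `smt-client` output for compliance follow-up.

# Sample input: the table rows shown on the slide above.
sample_smt_client_output() {
cat <<'EOF'
.------------------------------------------------------------------------------------------.
| GUID                             | Hostname    | Patch Status      | Patch Status Date   |
+----------------------------------+-------------+-------------------+---------------------+
| 7a4df09998da498b8de8f769585daea0 | xres47a     | Unknown           |                     |
| 122b33b92f7f4b62a06404156e6719fe | xres52a     | Unknown           |                     |
| 9dedbca2c3df4c04946bbf3216053a29 | xsled11a    | Up-to-date        | 2010-01-29 09:52:35 |
| 623a1864464e4b57a1afe8504504114b | xsles10sp3a | Unknown           |                     |
| 1559a785c49d4289a6a79c2646b15f14 | xsles11a    | Critical          | 2010-01-29 10:50:59 |
| 7e5d68f953e24d0599d9eb3163e441a7 | xsles11b    | Unknown           |                     |
| c92d8213d7394cb0b7476b55e746ec64 | xsles11f    | Updates available | 2010-02-03 15:11:29 |
| d16b02e6c6a04d3f878063fd0b85aaf7 | xsmt11a     | Up-to-date        | 2010-02-03 12:02:07 |
'----------------------------------+-------------+-------------------+---------------------'
EOF
}

# classify_clients CUTOFF   (CUTOFF = YYYY-MM-DD; hypothetical parameter)
# Reads the table on stdin and prints one finding per client needing attention:
#   CRITICAL  host        SMT reports patch status "Critical"
#   PENDING   host        SMT reports "Updates available"
#   NO_REPORT host        no patch status received (e.g. no smt-client package)
#   STALE     host date   last patch status report is older than CUTOFF
classify_clients() {
  awk -F'|' -v cutoff="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF < 6 { next }                            # skip border lines
    {
      host = trim($3); status = trim($4); day = substr(trim($5), 1, 10)
      if (trim($2) == "GUID") next             # skip header row
      if (status == "Critical")                  print "CRITICAL", host
      else if (status == "Updates available")    print "PENDING", host
      else if (status == "Unknown" || day == "") print "NO_REPORT", host
      else if (day < cutoff)                     print "STALE", host, day
    }'
}

# has_critical CUTOFF: exit status 0 when at least one client is Critical.
has_critical() { classify_clients "$1" | grep -q '^CRITICAL '; }

sample_smt_client_output | classify_clients 2010-02-01
```

On an SMT server, pipe the live output instead: smt-client | classify_clients YYYY-MM-DD.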
30. Job Queue and Client Status (continued)
The GUI Version
32. Staging
• Mirror all patches, but only publish approved
ones to clients
• GUI and command-line based management
– YaST2 smt module
> Repositories and staging tabs
– smt-repos command
– smt-staging command (only for geeks)
• Management tools only fully support SUSE Linux Enterprise 11 and newer repositories
33. Staging (continued)
• Repositories are mirrored to different directories depending on their staging flag
• Administrator
– Selects patches and creates a testing snapshot of these
– Redirects selected clients to testing repos
> E.g. by using execution jobs
– When patches in testing snapshot have been approved
> Create production snapshot
> Reconfigure test clients if desired
34. Staging (continued)
[Diagram: Novell Customer Center, Mirror, Non-staged, Staged, Full, Testing snapshot, Production snapshot, Testing, Production Clients]
37. SMT Support
• SMT server can act as proxy for
supportconfig archives
• supportconfig files can be uploaded to SMT server
– # supportconfig -U 'http[s]://mysmt/upload?file={tarball}' -r 12345678901
– Tarball then named nts_$SR_NUM_hostname_date_time.tbz
– Stored in /var/spool/smt-support on SMT server
• Default upload target in /etc/supportconfig.conf
– Configured with clientSetup4SMT.sh or AutoYaST post script
38. SMT Support (continued)
• (SMT) administrator can then
– Process supportconfig archive files
> Run Novell Support Advisor against the uploaded files
> Add contact information to individual archives during upload
> Upload to open service requests
• Run smt-support -h to get details on options
– Upload a specific archive - e.g. :
» smt-support -u nts_SR10588349999_xsles11a_100127_0917.tbz
40. Mirroring Other Products/Repositories
• Standard tool to distribute updates for
– In-house developed applications
– Third-party repositories
• Must be repomd based
> See Software Repositories at OpenSUSE for details
• To enable non-interactive subscription to non-Novell repositories (not signed by Novell)
– Place the key used to sign the repodata in repo/keys/
of SMT server
> Will be imported (prompt) during registration and clientSetup4SMT.sh
> # rpm --import <url-of-repo-signing-key>
41. Mirroring SUSE Linux Enterprise 9
• Having a SLES 9 server running only for YOU?
• smt-mirror-sle9 is the answer
• Enables mirroring of
– SUSE Linux Enterprise Server 9
– Novell Linux Desktop 9
– SUSE Linux Enterprise 9 Software Development Kit
– Novell Linux Point of Service
• Check out the deployment guide on how to optimize it
42. Updating Red Hat Enterprise Linux
• Red Hat Enterprise Linux Server repositories as part of the Novell Expanded Support offering
– Novell makes selected packages available in repositories on NCC (nu.novell.com)
• Setup
– Mirror the relevant repositories on SMT server
– Install the signing key and import it on the Red Hat servers
– Configure yum/up2date client
– Register the Red Hat servers against SMT (optional)
• TID 7004324 describes
– How to update Red Hat Enterprise Linux with SMT 11
44. Isolated SMT Servers
[Diagram: Restricted Network, Open Network, No network conn., SMT (internal), SMT (external), Novell Customer Center, Mobile disk]
46. Upgrading SMT from 1.0
• SMT 11 is not designed to upgrade
• If SMT 11 is installed during the SUSE Linux Enterprise Server upgrade to 11, then it minimizes the need for extra work
• Cool solution explains the procedure :
– Upgrading SMT from version 1.0 to 1.1
– Transfer settings from smt.conf to smt.conf.rpmnew
and swap the files
– Kick off a mirror to update the new fields in the DB
– (Optional) create patchstatus jobs for SLE 11 clients
48. Tips and Tricks
• Patches get mirrored, but are not visible to the clients
– Check if staging is involved
• Disaster recovery
– Plan and survive - see TID 7004986
• If deploying multiple SMT servers
– Repositories can be preloaded
• http://forums.novell.com → SUSE Linux Enterprise Server → Updates
• SMT Master TID 7005002
– Links to what is known of good stuff
49. The End
• This was a lot of details about SMT
• Many cool features
• But deployment can be really simple :
– Install it
– Find and enter your mirror credentials
– Mirror the repositories you need
– Configure the clients
– Voila !
• And remember : SMT is FREE of charge !