Red Hat Training
A Red Hat training course is available for Red Hat Satellite
Reference Guide
A guide for Red Hat Satellite advanced features
Edition 1
John Ha
Lana Brindley
Daniel Macpherson
Athene Chan
David O'Brien
Abstract
Preface
1. Audience
Chapter 1. Red Hat Satellite Information
1.1. Command Line Configuration Management Tools
Note
/var/lib/rhncfg/backups/
directory on the affected system. The backup retains its filename but has a .rhn-cfg-backup
extension appended.
1.1.1. Red Hat Network Actions Control
rhn-actions-control
) application is used to enable and disable configuration management of a system. Client systems cannot be managed in this fashion by default. This tool allows System Administrators to enable or disable specific modes of allowable actions such as: deploying a configuration file onto the system, uploading a file from the system, using diff to find out what is currently managed on a system and what is available, or allowing running arbitrary remote commands. These various modes are enabled/disabled by placing/removing files and directories in the /etc/sysconfig/rhn/allowed-actions/
directory. Due to the default permissions on the /etc/sysconfig/rhn/
directory, Red Hat Network Actions Control have to be run by someone with root access.
1.1.1.1. General command line options
man
page available, as there are for most command line tools. Simply decide what Red Hat Network scheduled actions should be enabled for use by system administrators. These options enable the various scheduled action modes:
Table 1.1. rhn-actions-control
options
Option | Description |
---|---|
--enable-deploy | Allow rhncfg-client to deploy files. |
--enable-diff | Allow rhncfg-client to diff files. |
--enable-upload | Allow rhncfg-client to upload files. |
--enable-mtime-upload | Allow rhncfg-client to upload mtime. |
--enable-all | Allow rhncfg-client to do everything. |
--enable-run | Enable script.run |
--disable-deploy | Disable deployment. |
--disable-diff | Disable diff |
--disable-upload | Disable upload |
--disable-mtime-upload | Disable mtime upload |
--disable-all | Disable all options |
--disable-run | Disable script.run |
--report | Report whether the modes are enabled or disabled |
-f, --force | Force the operation without asking first |
-h, --help | show help message and exit |
rhn-actions-control --enable-all
is a common option.
1.1.2. Red Hat Network Configuration Client
rhncfg-client
) is installed and run from an individual client system. From there you may use it to gain knowledge about how Red Hat Network deploys configuration files to the client.
1.1.2.1. Listing Config Files
rhncfg-client list
Config Channel File config-channel-17 /etc/example-config.txt config-channel-17 /var/spool/aalib.rpm config-channel-14 /etc/rhn/rhn.conf
rhncfg-manager list config-channel-14
Files in config channel 'config-channel-14' /etc/example-config.txt /etc/rhn/rhn.conf
/etc/example-config.txt
went. The rank of the /etc/example-config.txt
file in config-channel-17
was higher than that of the same file in config-channel-14
. As a result, the version of the configuration file in config-channel-14
is not deployed for this system, although the file still resides in the channel. The rhncfg-client
command does not list the file because it will not be deployed on this system.
1.1.2.2. Getting a Config File
rhncfg-client get /etc/example-config.txt
Deploying /etc/example-config.txt
less
or another pager. Note that the file is selected as the most relevant based upon the rank of the config channel containing it. This is accomplished within the Configuration tab of the System Details page.
1.1.2.3. Viewing Config Channels
rhncfg-client channels
Config channels: Label Name ----- ---- config-channel-17 config chan 2 config-channel-14 config chan 1
rhncfg-client get
:
Table 1.2. rhncfg-client get
options
Option | Description |
---|---|
--topdir=TOPDIR | Make all file operations relative to this string. |
--exclude=EXCLUDE | Excludes a file from being deployed with 'get'/ May be used multiple times. |
-h, --help | Show help message and exit |
1.1.2.4. Differentiating between Config Files
rhncfg-client diff
[root@testsatellite root]# rhncfg-client diff --- /etc/test +++ /etc/test 2013-08-28 00:14:49.405152824 +1000 @@ -1 +1,2 @@ This is the first line +This is the second line added
--topdir
option to compare config files in Red Hat Network with those located in an arbitrary (and unused) location on the client system, like so:
[root@ root]# rhncfg-client diff --topdir /home/test/blah/ /usr/bin/diff: /home/test/blah/etc/example-config.txt: No such file or directory /usr/bin/diff: /home/test/blah/var/spool/aalib.rpm: No such file or directory
1.1.2.5. Verifying Config Files
rhncfg-client verify
modified /etc/example-config.txt /var/spool/aalib.rpm
example-config.txt
is locally modified, while aalib.rpm
is not.
rhncfg-client verify
:
Table 1.3. rhncfg-client verify
options
Option | Description |
---|---|
-v, --verbose | Increase the amount of output detail. Displays differences in the mode, owner, and group permissions for the specified config file. |
-o, --only | Only show files that differ. |
-h, --help | Show help message and exit |
1.1.3. Red Hat Network Configuration Manager
rhncfg-manager
) is designed to maintain Red Hat Network's central repository of config files and channels, not those located on client systems. This tool offers a command line alternative to the configuration management features within the Red Hat Network website, as well as the ability to script some or all of the related maintenance.
/etc/sysconfig/rhn/rhncfg-manager.conf
or in the [rhncfg-manager] section of ~/.rhncfgrc
.
~/.rhncfgrc
file. The session file is cached in ~/.rhncfg-manager-session
to prevent logging in for every command.
server.session_lifetime
option and new value to the /etc/rhn/rhn.conf
file on the server running the manager, like so:
server.session_lifetime = 120
rhncfg-manager mode --help
rhncfg-manager diff-revisions --help
rhncfg-manager add
options”.
1.1.3.1. Creating a Config Channel
rhncfg-manager create-channel channel-label
Red Hat Network username: rhn-user Password: Creating config channel channel-label Config channel channel-label created
1.1.3.2. Adding Files to a Config Channel
rhncfg-manager add --channel=channel-label
/path/to/file
--dest-file
option in the command, like:
rhncfg-manager add --channel=channel-label
--dest-file=/new/path/to/file.txt
/path/to/file
Pushing to channel example-channel Local file >/path/to/file -> remote file /new/path/to/file.txt
rhncfg-manager add
:
Table 1.4. rhncfg-manager add
options
Option | Description |
---|---|
-c CHANNEL --channel=CHANNEL | Upload files in this config channel |
-d DEST_FILE --dest-file=DEST_FILE | Upload the file as this path |
--delim-start=DELIM_START | Start delimiter for variable interpolation |
--delim-end=DELIM_END | End delimiter for variable interpolation |
-i, --ignore-missing | Ignore missing local files |
--selinux-context=SELINUX_CONTEXT | Overwrite the SELinux context |
-h, --help | show help message and exit |
Note
/etc/rhn/rhn.conf
file:
web.maximum_config_file_size=128
/etc/rhn/rhn.conf
file:
maximum_config_file_size=128
1.1.3.3. Differentiating between Latest Config Files
rhncfg-manager diff --channel=channel-label
--dest-file=/path/to/file.txt
\ /local/path/to/file
--- /tmp/dest_path/example-config.txt config_channel: example-channel revision: 1 +++ /home/test/blah/hello_world.txt 2003-12-14 19:08:59.000000000 -0500 @@ -1 +1 @@ -foo +hello, world
rhncfg-manager diff
:
Table 1.5. rhncfg-manager diff
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Get file(s) from this config channel |
-r REVISION, --revision=REVISION | Use this revision |
-d DEST_FILE, --dest-file=DEST_FILE | Upload the file as this path |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
-h, --help | Show help message and exit |
1.1.3.4. Differentiating between Various Versions
-r
flag to indicate which revision of the file should be compared and the -n
flag to identify the two channels to be checked. See Section 1.1.3.11, “Determining the Number of File Revisions” for related instructions. Specify only one file name here, since you are comparing the file against another version of itself. For example:
rhncfg-manager diff-revisions -n=channel-label1
-r=1
-n=channel-label2
-r=1
/path/to/file.txt
--- /tmp/dest_path/example-config.txt 2004-01-13 14:36:41 \ config channel: example-channel2 revision: 1 --- /tmp/dest_path/example-config.txt 2004-01-13 14:42:42 \ config channel: example-channel3 revision: 1 @@ -1 +1,20 @@ -foo +blah +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +iD8DBQA9ZY6vse4XmfJPGwgRAsHcAJ9ud9dabUcdscdcqB8AZP7e0Fua0NmKsdhQCeOWHX +VsDTfen2NWdwwPaTM+S+Cow= +=Ltp2 +-----END PGP SIGNATURE-----
rhncfg-manager diff-revisions
:
Table 1.6. rhncfg-manager diff-revisions
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Use this config channel |
-r REVISION, --revision=REVISION | Use this revision |
-h, --help | Show help message and exit |
1.1.3.5. Downloading All Files in a Channel
rhncfg-manager download-channel channel-label --topdir .
Copying /tmp/dest_path/example-config.txt -> \ blah2/tmp/dest_path/example-config.txt
rhncfg-manager download-channel
:
Table 1.7. rhncfg-manager download-channel
options
Option | Description |
---|---|
-t TOPDIR, --topdir=TOPDIR | Directory all the file paths are relative to. This option must be set. |
-h, --help | Show help message and exit |
1.1.3.6. Getting the Contents of a File
rhncfg-manager get --channel=channel-label
\ /tmp/dest_path/example-config.txt
1.1.3.7. Listing All Files in a Channel
rhncfg-manager list channel-label
Files in config channel `example-channel3': /tmp/dest_path/example-config.txt
rhncfg-manager get
:
Table 1.8. rhncfg-manager get
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Get file(s) from this config channel |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
-r REVISION, --revision=REVISION | Get this file revision |
-h, --help | Show help message and exit |
1.1.3.8. Listing All Config Channels
rhncfg-manager list-channels
Available config channels: example-channel example-channel2 example-channel3 config-channel-14 config-channel-17
local_override
or server_import
channels.
1.1.3.9. Removing a File from a Channel
rhncfg-manager remove --channel=channel-label
/tmp/dest_path/example-config.txt
Red Hat Network username: rhn-user Password: Removing from config channel example-channel3 /tmp/dest_path/example-config.txt removed
rhncfg-manager remove
:
Table 1.9. rhncfg-manager remove
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Remove files from this config channel |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
-h, --help | Show help message and exit |
1.1.3.10. Deleting a Config Channel
rhncfg-manager remove-channel channel-label
Removing config channel example-channel Config channel example-channel removed
1.1.3.11. Determining the Number of File Revisions
rhncfg-manager revisions channel-label /tmp/dest_path/example-config.txt
Analyzing files in config channel example-channel \ /tmp/dest_path/example-config.txt: 1
1.1.3.12. Updating a File in a Channel
rhncfg-manager update \ --channel=channel-label
--dest-file=/path/to/file.txt
/local/path/to/file
Pushing to channel example-channel: Local file example-channel/tmp/dest_path/example-config.txt -> \ remote file /tmp/dest_path/example-config.txt
rhncfg-manager update
:
Table 1.10. rhncfg-manager update
options
Option | Description |
---|---|
-c CHANNEL, --channel=CHANNEL | Upload files in this config channel |
-d DEST_FILE, --dest-file=DEST_FILE | Upload the file as this path |
-t TOPDIR, --topdir=TOPDIR | Make all files relative to this string |
--delim-start=DELIM_START | Start delimiter for variable interpolation |
--delim-end=DELIM_END | End delimiter for variable interpolation |
-h, --help | Show help message and exit |
1.1.3.13. Uploading Multiple Files at Once
rhncfg-manager upload-channel --topdir=topdir
channel-label
Using config channel example-channel4 Uploading /tmp/ola_world.txt from blah4/tmp/ola_world.txt
rhncfg-manager upload-channel
:
Table 1.11. rhncfg-manager upload-channel
options
Option | Description |
---|---|
-t TOPDIR, --topdir=TOPDIR | Directory all the file paths are relative to |
-c CHANNEL, --channel=CHANNEL | List of channels the config info will be uploaded into. Channels delimited by ','. Example: --channel=foo,bar,baz |
-h, --help | Show help message and exit |
1.2. Monitoring
1.2.1. Prerequisites
- Monitoring entitlements - These entitlements are required for all systems that are to be monitored. Monitoring is only supported on Red Hat Enterprise Linux systems.
- Red Hat Satellite with monitoring - monitoring systems must be connected to a Satellite with a base operating system of Red Hat Enterprise Linux 5 or later.
- Monitoring Administrator - This role must be granted to users installing probes, creating notification methods, or altering the monitoring infrastructure in any way. (Remember, the Satellite Administrator automatically inherits the abilities of all other roles within an organization and can therefore conduct these tasks.). Assign this role through the User Details page for the user.
- Red Hat Network monitoring daemon - This daemon, along with the SSH key for the scout, is required on systems that are monitored in order for the internal process monitors to be executed. You may, however, be able to run these probes using the systems' existing SSH daemon (
sshd
). See Section 1.2.2, “Configuring the Red Hat Network Monitoring Daemon (rhnmd
)” for installation instructions and a quick list of probes requiring this secure connection. See Appendix A, Probes for the complete list of available probes.
Enabling Monitoring
- Log in as a user with Satellite Administrator privileges and navigate to Admin → Red Hat Satellite Configuration. Click the Enable Monitoring checkbox, then click Update to save.
- Restart services to pick up the changes. Go to the restart tab to restart the Satellite. This will take the Satellite offline for a few minutes.
- Check if the Monitoring tab is available under Red Hat Satellite Configuration to confirm that monitoring is enabled.
- Navigate to Admin → Red Hat Satellite Configuration → Monitoring. Click the Enable Monitoring Scout checkbox to enable the scout. Click Update Config to save.
Note
1.2.2. Configuring the Red Hat Network Monitoring Daemon (rhnmd
)
rhnmd
enables the Satellite to communicate securely with the client system to access internal processes and retrieve probe status.
sshd
instead. See Section 1.2.2.2, “Configuring SSH” for details.
sshd
, is required on client systems for the following probes to run:
- Linux::CPU Usage
- Linux::Disk IO Throughput
- Linux::Disk Usage
- Linux::Inodes
- Linux::Interface Traffic
- Linux::Load
- Linux::Memory Usage
- Linux::Process Counts by State
- Linux::Process Count Total
- Linux::Process Health
- Linux::Process Running
- Linux::Swap Usage
- Linux::TCP Connections by State
- Linux::Users
- Linux::Virtual Memory
- LogAgent::Log Pattern Match
- LogAgent::Log Size
- Network Services::Remote Ping
- Oracle::Client Connectivity
- General::Remote Program
- General::Remote Program with Data
1.2.2.1. Installing the Red Hat Network Monitoring Daemon
rhnmd
. Note that the steps in this section are optional if you intend to use sshd
to allow secure connections between the Red Hat Network monitoring infrastructure and the monitored systems. See Section 1.2.2.2, “Configuring SSH” for instructions.
rhnmd
package can be found in the Red Hat Network Tools channel for all Red Hat Enterprise Linux distributions. To install it:
- Subscribe the systems to be monitored to the Red Hat Network Tools channel associated with the system. This can be done individually through the System Details → Channels → Software subtab or for multiple systems at once through the Channel Details → Target Systems tab.
- Once subscribed, open the Channel Details → Packages tab and find the
rhnmd
package (under 'R'). - Click the package name to open the Package Details page. Go to the Target Systems tab, select the desired systems, and click Install Packages.
- Install the SSH public key on all client systems to be monitored, as described in Section 1.2.2.3, “Installing the SSH key”.
- Start the Red Hat Network monitoring daemon on all client systems using the command:
service rhnmd start
- When adding probes requiring the daemon, accept the default values for RHNMD User and RHNMD Port:
nocpulse
and4545
, respectively.
1.2.2.2. Configuring SSH
sshd
to provide the encrypted connection required between the systems and Red Hat Network. This may be especially desirable if you already have sshd
running. To configure the daemon for monitoring use:
- Ensure the SSH package is installed on the systems to be monitored:
rpm -qi openssh-server
- Identify the user to be associated with the daemon. This can be any user available on the system, as long as the required SSH key can be put in the user's
~/.ssh/authorized_keys
file. - Install the SSH public key on all client systems to be monitored, as described in Section 1.2.2.3, “Installing the SSH key”.
- Start the
sshd
on all client systems using the command:service sshd start
- When adding probes requiring the daemon, insert the values derived from steps 2 and 3 in the RHNMD User and RHNMD Port fields.
1.2.2.3. Installing the SSH key
rhnmd
or sshd
, you must install the Red Hat Network monitoring daemon public SSH key on the systems to be monitored to complete the secure connection. To install it:
- Copy the character string (beginning with ssh-dss and ending with the hostname of the Satellite).
- Select Systems from the left menu, and click the checkbox next to the systems you want to send the SSH key to. Click the Manage button at the top to finish.
- From the System Set Manager, click Run remote commands, then in the Script text box, type the following line:
#!/bin/sh cat <<EOF >> ~nocpulse/.ssh/authorized_keys
Then, press Enter, paste the SSH Key and add EOF. The result should look similar to the following:#!/bin/sh cat <<EOF>> ~nocpulse/.ssh/authorized_keys ssh-dss AABBAB3NzaC3kc3MABCCBAJ4cmyf5jt/ihdtFbNE1YHsT0np0SYJz7xk hzoKUUWnZmOUqJ7eXoTbGEcZjZLppOZgzAepw1vUHXfa/L9XiXvsV8K5Qmcu70h0 1gohBIder/1I1QbHMCgfDVFPtfV5eedau4AAACAc99dHbWhk/dMPiWXgHxdI0vT2 SnuozIox2klmfbTeO4Ajn/Ecfxqgs5diat/NIaeoItuGUYepXFoVv8DVL3wpp45E 02hjmp4j2MYNpc6Pc3nPOVntu6YBv+whB0VrsVzeqX89u23FFjTLGbfYrmMQflNi j8yynGRePIMFhI= root@satellite.example.com EOF
- Set the date and time you want for the action to take place, then click Schedule Remote Command.
ssh
connections between the monitoring infrastructure and the monitored system. You may then schedule probes requiring the monitoring daemon to run against the newly configured systems.
1.2.3. Configuring the mysql
package for probes
mysql
package on the Red Hat Satellite. See Appendix A, Probes for a listing of all available probes.
mysql
package either through the up2date
, yum
or Red Hat Network Hosted.
1.2.4. Enabling Notifications
1.2.4.1. Creating Notification Methods
- Log into the Satellite as either a Satellite Administrator or Monitoring Administrator.
- Navigate to Users and select the username. On the User Details page, click on Notification Methods → create new method.
- Enter an intuitive, descriptive label for the method name, such as
DBA day email
, and provide the correct email address. Remember, the labels for all notification methods are available in a single list during probe creation, so they should be unique to your organization. - Select the checkbox if you desire abbreviated messages to be sent to the email address. This shorter format contains only the probe state, system hostname, probe name, time of message, and Send ID. The standard, longer format displays additional message headers, system and probe details, and instructions for response.
- When finished, click Create Method. The new method shows up in the User Details → Notification Methods tab and the Notification page under the top Monitoring category. Click its name to edit or delete it.
- While adding probes, select the Probe Notifications checkbox and select the new notification method from the resulting dropdown menu. Notification methods assigned to probes cannot be deleted until they are dis-associated from the probe.
1.2.4.2. Receiving Notifications
Subject: CRITICAL: [hostname]: Satellite: Users at 1 From: "Monitoring Satellite Notification" (rogerthat01@redhat.com) Date: Mon, 26 Aug 2013 13:42:28 -0800 To: user@organization.com This is Red Hat Monitoring Satellite notification 01dc8hqw. Time: Mon Aug 26, 21:42:25 PST State: CRITICAL System: [hostname] ([IP address]) Probe: Satellite: Users Message: Users 6 (above critical threshold of 2) Notification #116 for Users Run from: Red Hat Monitoring Satellite
Note
1.2.4.3. Redirecting Notifications
/etc/aliases
and adding the following line:
rogerthat01: "| /etc/smrsh/ack_queuer.pl"
- ACK METOO - Sends the notification to the redirect destination(s) in addition to the default destination.
- ACK SUSPEND - Suspends the notification method for a specified time period.
- ACK AUTOACK - Does not change the destination of the notification, but automatically acknowledges matching alerts as soon as they are sent.
- ACK REDIR - Sends the notification to the redirect destination(s) instead of the default destination.
check
or host
, duration indicates the length of time for the redirect, and email_address indicates the intended recipient. For example:
ACK METOO host 1h boss@domain.com
Note
ack suspend host
. However, you cannot halt Satellite probe notifications by responding to a probe with ack suspend host
or other redirect responses. These probes require you to change the notifications within the web interface of the Satellite.
1.2.4.4. Deleting Notification Methods
- Log into the Satellite as a Satellite Administrator or Monitoring Administrator.
- Navigate to the Monitoring → Notifications page and click the name of the method to be removed.
- On the User → User Details → Notification Methods tab, click delete method. If the method is not associated with any probes, you are presented with a confirmation page. Click Confirm Deletion. The notification method is removed.
Note
Since both the notification method name and address can be edited, consider updating the method rather than deleting it. This redirects notifications from all probes using the method without having to edit each probe and create a new notification method. - If the method is associated with one or more probes, you are presented with a list of the probes using the method and the systems to which the probes are attached instead of a confirmation page. Click the probe name to go directly to the System Details → Probes tab.
- Select another notification method and click Update Probe.
- Return to the Monitoring → Notifications page and delete the notification method.
1.2.5. About Probes
1.2.5.1. Managing Probes
- Log into the Satellite as either a Satellite Administrator or the System Group Administrator for the system.
- Navigate to the System Details → Probes tab and click create new probe.
- On the System Probe Creation page, complete all required fields. First, select the Probe Command Group. This alters the list of available probes and other fields and requirements. See Appendix A, Probes for the complete list of probes by command group. Remember that some probes require the Red Hat Network monitoring daemon to be installed on the client system.
- Select the desired Probe Command and the monitoring Scout, typically
Red Hat Monitoring Satellite
but possibly a Red Hat Satellite Proxy Server. Enter a brief but unique description for the probe. - Select the Probe Notifications checkbox to receive notifications when the probe changes state. Use the Probe Check Interval dropdown menu to determine how often notifications should be sent. Selecting
1 minute
(and the Probe Notification checkbox) means you will receive notifications every minute the probe surpasses its CRITICAL or WARNING thresholds. See Section 1.2.4, “Enabling Notifications” to find out how to create notification methods and acknowledge their messages. - Use the RHNMD User and RHNMD Port fields, if they appear, to force the probe to communicate via
sshd
, rather than the Red Hat Network monitoring daemon. See Section 1.2.2.2, “Configuring SSH” for details. Otherwise, accept the default values ofnocpulse
and4545
, respectively. - If the Timeout field appears, review the default value and adjust to meet your needs. Most but not all timeouts result in an UNKNOWN state. If the probe's metrics are time-based, ensure the timeout is not less than the time allotted to thresholds. Otherwise, the metrics serve no purpose, as the probe will time out before any thresholds are crossed.
- Use the remaining fields to establish the probe's alert thresholds, if applicable. These CRITICAL and WARNING values determine at what point the probe has changed state. See Section 1.2.5.2, “Establishing Thresholds” for best practices regarding these thresholds.
- When finished, click Create Probe. Remember, you must commit your monitoring configuration change on the Scout Config Push page for this to take effect.
1.2.5.2. Establishing Thresholds
1.2.5.3. Monitoring the Satellite Server
Satellite
Probe Command Group. Next, complete the remaining fields as you would for any other probe. See Section 1.2.5.1, “Managing Probes” for instructions.
Note
1.2.6. Monitoring
1.2.6.1. Probe Status
Important
- Critical - The probe has crossed a CRITICAL threshold.
- Warning - The probe has crossed a WARNING threshold.
- Unknown - The probe is not able to accurately report metric or state data.
- Pending - The probe has been scheduled but has not yet run or is unable to run.
- OK - The probe is running successfully.
- Probe status
- All probes in a given state (OK, WARN, UNKNOWN, CRITICAL, PENDING)
- A Probe Event history
1.2.6.1.1. Probe Status ⇒ Critical
Important
1.2.6.1.2. Probe Status ⇒ Warning
Important
1.2.6.1.3. Probe Status ⇒ Unknown
Important
1.2.6.1.4. Probe Status ⇒ Pending
Important
1.2.6.1.5. Probe Status ⇒ OK
Important
1.2.6.1.6. Probe Status ⇒ All
Important
1.2.6.1.7. Current State
Important
1.2.6.2. Notification
Important
1.2.6.2.1. Notification ⇒ Filters
1.2.6.2.1.1. Notification ⇒ Notification Filters ⇒ Active Filters
- Description: Enter a value that allows you to distinguish this filter from others.
- Type: Determine what action the filter should take: redirect, acknowledge, suspend, or supplement the incoming notification.
- Send to: The Redirect Notification and Supplemental Notification options in step two require an email address to which to send the notifications. The remaining options require no email address.
- Scope: Determine which monitoring components are subject to the filter.
- Organization/Scout/Probe: This option allows you to select the organization, scout(s), or probe(s) to which this filter applies. To select multiple items from the list, hold the Ctrl key while clicking the names of the items. To select a range of items, hold the Shift key while clicking on the first and last items in the range.
- Probes in State: Select which probe state(s) relate to the filter. For example, you may choose to create a supplemental notification for critical probes only. Uncheck the box to the left of any state you want the filter to ignore.
- Notifications sent to: This is the method to which the notification would be sent if no filter were in place. You may, for example, redirect notifications that would normally go to a user should that individual go on vacation, leaving all other notifications from the probe unchanged.
- Match Output: Select precise notification results by entering a regular expression here. If the "Message:" portion of the notification does not match the regular expression, the filter is not applied.
- Recurring: Select whether a filter runs continuously or on a recurring basis. A recurring filter runs multiple times for a period of time smaller than the duration of the filter. For example, a recurring filter could run for 10 minutes of every hour between the start and end times of the filter. A non-recurring filter runs continuously between the start and end times of the filter.
- Beginning: Enter a date and time for the filter to begin operation.
- Ending: Enter an end date and time for the filter.
- Recurring Duration: How long a recurring filter instance is active. This field, applicable to recurring filters only, begins at the Beginning time specified above. Any notification generated outside of the specified duration is not filtered.
- Recurring Frequency: How often the filter activates.
1.2.6.2.1.2. Notification ⇒ Notification Filters ⇒ Expired Filters
1.2.6.3. Probe Suites
- From the Monitoring ⇒ Probe Suites page, select the create probe suite link. Enter an easily distinguishable name for the Probe Suite. You may also choose to add a brief description of the Suite. Click the Create Probe Suite button to continue.
- Add and configure the probes that comprise the Suite. Click the create new probe link in the upper right.
- Configure the probe and click the Create Probe button in the lower right. Repeat this process until all desired probes have been added.
Note
Sendmail must be configured correctly on your Red Hat Satellite and each client system to which the Probe Suite is applied must have therhnmd
daemon installed and running. See the Red Hat Satellite Installation Guide for additional information. - On the "Systems" tab, add the systems to which the Probe Suite applies. Click the add systems to probe suite link in the upper right of the screen to continue.
- The next page displays a list of all systems with Monitoring entitlements. Check the box to the left of the system(s) to which you wish to apply the Probe Suite, select the monitoring scout you wish to use, and click the Add systems to probe suite button to complete the creation of the Probe Suite.
- From the Monitoring ⇒ Probe Suites page, click on the title of the Probe Suite you wish to alter.
- Select the Probes sub-tab.
- Check the box next to the probe you wish to remove.
- Click the Delete probes from Probe Suites button.
- From the Monitoring ⇒ Probe Suites page, click on the title of the Probe Suite you wish to alter.
- Select the Systems sub-tab.
- Check the box next to the system(s) you wish to remove from the Probe Suite.
- Click the Detach System(s) from Probe Suite button
Note
- From the Monitoring ⇒ Probe Suites page, click on the title of the Probe Suite you wish to alter.
- Select the Systems sub-tab.
- Check the box next to the system(s) you wish to remove from the Probe Suite.
- Click the Remove System(s) from Probe Suite button.
1.2.6.4. Scout Config Push
Important
1.2.6.5. General Monitoring Config
Important
1.3. Multiple Satellites
Note
ISS Requirements
- Two or more Red Hat Satellite servers
- At least one Red Hat Satellite populated with at least one channel
- Satellite Administrator privileges on all Satellite systems intended for ISS
1.3.1. Inter-Satellite Synchronization
spacewalk-sync-setup
. Both methods are effective, and it would be left to the user's choice on which one to use.
1.3.1.1. Manual Configuration
Procedure 1.1. Configuring the Master Satellite Server
satellite-sync
operations use this information to assign custom channel ownership to the Slave Organization which is mapped to a specific Master Organization. It can also map the trust relationships between the exposed Master Organization to matching Slave Organizations, creating the equivalent relationships on the Slave.
- On the Web Interface:
- Log in as the Satellite Administrator.
- Click Admin → ISS Configuration → Master Setup.
- On the top right-hand corner, click Add New Slave.
- Fill in the following information:
- Slave Fully Qualified Domain Name (FQDN)
- Allow Slave to Sync? - Choosing this field will allow the Slave Satellite to access this Master Satellite. Otherwise, contact with this Slave will be denied.
- Sync all orgs to Slave? - Checking this field will synchronize all organizations to the Slave Satellite.
Note
Choosing the Sync All Orgs to Slave? option on the Master Setup page will override any specifically selected organizations in the Local Organization table below. - Click Create.
- (Optional) Click on any local organization to be exported to the Slave Satellite.
- Click Allow Orgs.
Note
In Satellite 5.5, the Master Satellite used theiss_slaves
parameter in the/etc/rhn/rhn.conf
file to identify which slaves could contact the Master Satellite. Satellite 5.6 uses the information in the Master Setup page to determine this information.
- On the Command Line:
- Enable the inter-satellite synchronization (ISS) feature in the
/etc/rhn/rhn.conf
file:disable_iss=0
- Save the configuration file, and restart the
httpd
service:service httpd restart
Procedure 1.2. Configuring Slave Servers
- In order to securely transfer content to the slave servers, the
ORG-SSL
certificate from the master server is needed. The certificate can be downloaded over HTTP from the/pub/
directory of any satellite. The file is calledRHN-ORG-TRUSTED-SSL-CERT
, but can be renamed and placed anywhere in the local filesystem of the slave, such as the/usr/share/rhn/
directory. - Log in to the Slave Satellite as the Satellite Administrator.
- Click Admin → ISS Configuration → Slave Setup.
- On the top right-hand corner, click Add New Master.
- Fill in the following information:
- Master Fully-Qualified Domain Name
- Default Master?
- Filename of this Master's CA Certificate - Use the full path of the CA Certificate downloaded in the initial step of this procedure.
- Click Add New Master.
Procedure 1.3. Performing an Inter-Satellite Synchronization
- Begin the synchronization by running the
satellite-sync
command:satellite-sync -c your-channel
Note
Command line options that are manually provided with thesatellite-sync
command will override any custom settings in the/etc/rhn/rhn.conf
file.
Procedure 1.4. Mapping the Master Satellite's Exported Organizations to the Slave Satellite's Organizations
After following the procedures preceding this one, the Master Satellite should show up in the Slave Satellite's Slave Setup under Admin → ISS Configuration → Slave Setup. If it does not, please re-check the steps above.
- Log in as the Satellite Administrator.
- Click on Admin → ISS Configuration → Slave Setup.
- Select a Master Satellite by clicking on it's name.
- Use the drop-down box to map the exported master organization name to a matching local organization in the Slave Satellite.
- Click Update Mapping.
- On the command line, issue the
satellite-sync
on each of the custom channels to obtain the correct trust structure and channel permissions:satellite-sync -c your-channel
1.3.1.2. Automated Configuration
spacewalk-sync-setup
allows users to specify a Master and Slave Satellite instance and uses configuration files to set up the information described in both the Master and Slave setup. It can create a set of default configuration files if requested. Essentially, it automates the previously setup and mapped configuration for Master-Slave relationships.
In order for automated configuration to succeed:
- The spacewalk-util package needs to be installed on the system that will issue the command
spacewalk-sync-setup
. - Existing organizations with custom permissions on the Master Satellite must be present.
- Existing organizations within the Slave Satellite must be present.
Procedure 1.5. Configuring the Master Satellite Server
- Enable the inter-satellite synchronization (ISS) feature in the
/etc/rhn/rhn.conf
file:disable_iss=0
- Save the configuration file, and restart the
httpd
service:service httpd restart
Procedure 1.6. Configuring Slave Servers
- In order to securely transfer content to the slave servers, the
ORG-SSL
certificate from the master server is needed. The certificate can be downloaded over HTTP from the/pub/
directory of any satellite. The file is calledRHN-ORG-TRUSTED-SSL-CERT
, but can be renamed and placed anywhere in the local filesystem of the slave, such as the/usr/share/rhn/
directory. - Log in to the Slave Satellite as the Satellite Administrator.
- Click Admin → ISS Configuration → Slave Setup.
- On the top right-hand corner, click Add New Master.
- Fill in the following information:
- Master Fully-Qualified Domain Name
- Default Master?
- Filename of this Master's CA Certificate - Use the full path of the CA Certificate downloaded in the initial step of this procedure.
- Click Add New Master.
Procedure 1.7. Mapping Master Satellite Organizations to Slave Satellite Organizations with spacewalk-sync-setup
- Log in to a system. It does not matter if it is a Master Satellite, a Slave Satellite or a different system altogether, as long as the system can access the public XMLRPC API of the Master and Slave Satellites.
- Issue the
spacewalk-sync-setup
on a command line interface:spacewalk-sync-setup --ms=[Master_FQDN] \ --ml=[Master_Sat_Admin_login] \ --mp=[Master_Sat_Admin_password] \ --ss=[Slave FQDN] --sl=[Slave_Sat_Admin_login] \ --sp=[Slave_Sat_Admin_password> \ --create-templates --apply
Where:- --ms=MASTER, --master-server=MASTER is the FQDN of the Master to connect to
- --ml=MASTER_LOGIN, --master-login=MASTER_LOGIN is the Satellite Administrator login for the Master Satellite
- --mp=MASTER_PASSWORD, --master-password=MASTER_PASSWORD is the password for the Satellite Administrator login on the Master Satellite
- --ss=SLAVE, --slave-server=SLAVE is the FQDN of the Slave Satellite to connect to.
- --sl=SLAVE_LOGIN, --slave-login=SLAVE_LOGIN is the Satellite Administrator login for the Slave Satellite
- --sp=SLAVE_PASSWORD, --slave-password=SLAVE_PASSWORD is the password for the Satellite Administrator login on the Slave Satellite
- --ct, --create-templates is the option that creates both a master and a slave setup file for the master/slave pair we've pointed at
- --apply tells the Satellite instances to make the changes specified by the setup files to the specified Satellite instances
Note
For more setup options:spacewalk-sync-setup --help
The output from this command will be as follows:INFO: Connecting to [admin@master-fqdn] INFO: Connecting to [admin@slave-fqdn] INFO: Generating master-setup file $HOME/.spacewalk-sync-setup/master.txt INFO: Generating slave-setup file $HOME/.spacewalk-sync-setup/slave.txt INFO: Applying master-setup $HOME/.spacewalk-sync-setup/master.txt INFO: Applying slave-setup $HOME/.spacewalk-sync-setup/slave.txt
- On the command line, issue the
satellite-sync
command on each of the custom channels to obtain the correct trust structure and channel permissions:satellite-sync -c your-channel
1.3.2. Organizational Synchronization
- If the source content belongs to the
NULL
organization (that is, it is Red Hat content) it will default to theNULL
organization even if a destination organization is specified. This ensures that specified content is always in the privilegedNULL
organization. - If an organization is specified at the command line, content will be imported from that organization.
- If no organization is specified, it will default to organization 1.
orgid
) are used to synchronize satellites:
Example 1.1. Import Content from Master to Slave Satellite
satellite-sync --parent-sat=master.satellite.example.com -c channel-name --orgid=2
Example 1.2. Import Content from an Exported Dump of an Organization
$ satellite-sync -m /dump -c channel-name --orgid=2
Example 1.3. Import Content from Red Hat Network Hosted
$ satellite-sync -c channel-name
1.3.3. Inter-Satellite Synchronization Use Cases
Example 1.4. Staging Satellite


- Run the
satellite-sync
command to synchronize data with rhn_parent (usually Red Hat Network Hosted):satellite-sync -c your-channel
- Run the following command to synchronize data from the staging server:
satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel
Example 1.5. Synchronized Slaves

Example 1.6. Slave Custom Content

Example 1.7. Bi-directional sync
satellite-sync
is run will pull the content from the other Satellite server and the synchronized data will depend on the options run with satellite-sync
. Without any options, the synchronization will attempt to update everything that was previously synchronized.

Chapter 2. Red Hat Satellite and Solaris-specific Information
2.1. UNIX Support Guide
2.1.1. Introduction
2.1.1.1. Supported UNIX Variants
Table 2.1. Supported Solaris Architectures and Versions
Solaris Version | sun4m | sun4d | sun4u | sun4v | sun4us | x86 |
---|---|---|---|---|---|---|
Solaris 8 | yes | no | yes | n/a | no | no |
Solaris 9 | yes | n/a | yes | n/a | no | yes |
Solaris 10 | n/a | n/a | yes | yes | no | yes |
2.1.1.2. Prerequisites
- Red Hat Satellite 5.0 or later
- A Satellite certificate with Management entitlements
- Management entitlements for each UNIX client
- Red Hat Network packages for UNIX including python, pyOpenSSL, and the Red Hat Network Client packages
- Sunfreeware packages that provide supporting libraries
Note
Some of these packages are available via the Red Hat Satellite. See Section 2.1.3.1, “Downloading and Installing Additional Packages” for the complete list.
2.1.1.3. Included Features
- The Red Hat Network Service Daemon (
rhnsd
), which triggersrhn_check
according to a configurable interval - The Red Hat Network Configuration Client (
rhncfg-client
), which executes all configuration actions scheduled from the Satellite - The Red Hat Network Configuration Manager (
rhncfg-manager
), which allows command line administration of Red Hat Network configuration channels - The
rhn_check
program, which checks in with the Satellite and performs any actions scheduled from the server - All Management-level functionality, such as system grouping, package profile comparison, and use of the System Set Manager to administer multiple systems at once
- A Provisioning feature called Remote Command which enables users to schedule root-level commands on any managed client through the Satellite's website, if the client allows this action
2.1.1.4. Differences in Functionality
- The Red Hat Update Agent for UNIX offers a much smaller set of options than its Linux counterpart and relies upon the operating system's native toolset for package installation, rather than
rpm
- See Section 2.1.4.2.4, “Updating From the Command Line” for the precise list of options. - The Red Hat Network Push application has been similarly modified to upload native UNIX file types, including packages, patches, and patch clusters.Since Solaris package, patch and patch cluster files are different from RPM files, the channel upload mechanism is somewhat different.There are two applications in the
rhnpush
package for Solaris:- The first,
solaris2mpm
, is an Red Hat Network utility that creates an MPM file for each Solaris package or patch. The neutral format of the MPM file allows the Satellite to understand and manage the uploaded files. - The second,
rhnpush
, has been extended so that it can handle MPM as well as RPM files. Otherwise, it operates identically to the Linux version ofrhnpush
.
- The Channels tab of the Red Hat Network website has been augmented to accommodate the storage and installation of native UNIX file types.
2.1.1.5. Excluded Features
- All Provisioning-level functionality, such as kickstarting and package rollback, with the exception of configuration file management
- All Errata-related options, since the concept of Errata Updates is not understood in UNIX
- Source files for packages
RHAT*.pkg
files during installation is not supported.
2.1.2. Satellite Server Preparation/Configuration
- During the Satellite installation:Enable UNIX support on the Satellite by checking the "Enable Solaris Support" box during the installation process, as pictured:
Figure 2.1. Enabling UNIX Support During Satellite Installation
- After the Satellite has been installed:Enable UNIX support by configuring the Satellite after it has been installed. To do so, select Admin in the top menu bar, then select Satellite Configuration in the left navigation bar. In the screen that follows, check the Enable Solaris Support box, as pictured:
Figure 2.2. Enabling UNIX Support After Satellite Installation
Click the Update Configuration button to confirm the change. - Finally, create a base channel to which your client systems may subscribe. Red Hat Network does not provide UNIX content,
satellite-sync
cannot be used to create the channel.To create a Solaris channel, login to the web interface of the Satellite as either a Satellite Administrator or a certificate authority. Navigate to the Channel tab, followed by the Manage Software Channels from the left navigation bar. Click the create new channel link in the upper right of the resulting screen. Provide a name and label for your new channel, and select either SPARC Solaris or i386 Solaris as the architecture, depending on the architecture of the client.
2.1.3. Unix Client System Preparation
- Download and install
gzip
and the required third-party libraries. - Download the Red Hat Network application tarball from the Satellite to the client and install the contents.
- Next, deploy the SSL certificates required for a secure connection.
- Configure the client applications to connect to the Red Hat Satellite.
2.1.3.1. Downloading and Installing Additional Packages
up2date
), which provides the link between your client systems and Red Hat Network. The UNIX-specific version of the Red Hat Update Agent is limited in functionality compared to its Linux counterpart but still enables system registration and facilitates package installs and patches. See Section 2.1.4, “Unix Client Registration and Updates” for a full description of the tool's options.
Note
bash
when first logging into the Solaris client. If the BASH shell is available, it will make the system's behavior as Linux-like as possible.
2.1.3.1.1. Install Third-Party Packages
gzip
libgcc
openssl
zlib
gzip
utility is provided by the SUNW gzip package and may be downloaded from http://www.sunfreeware.com.
SUNWgccruntime
SUNWopenssl*
SUNWzlib
SMClibgcc
orSMCgcc
SMCossl
SMCzlib
pkginfo
command. For example, to check for a package that contains "zlib" in the name, run the following command:
# pkginfo | grep zlib
Note
libgcc<version>-sol<solaris-version>-sparc-local.gz
becomes SMClibgcc after installation
2.1.3.1.2. Configuring the Library Search Path
# crle -c /var/ld/ld.config
-l
option resets the value, rather than appending it, so if there already were values set on your system, prepend them to the -l parameter.
# crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib
# crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib:/usr/sfw/lib
2.1.3.1.3. Downloading Red Hat Network Client Packages
/var/www/html/pub/
directory of your Satellite. If you are able to use a GUI web browser like Mozilla, navigate to the /pub
directory of the Satellite and save the appropriate tarball to your client:
http://your-satellite.example.com/pub/rhn-solaris-bootstrap-<version>-<solaris-arch>-<solaris-version>.tar.gz
ftp
to transfer the file from the Satellite to the client.
gzip
, decompress the tarball. You should have the following packages:
RHATpossl
RHATrhnrcfg
RHATrhnrcfga
RHATrhnrcfgc
RHATrhnrcfgm
RHATrhnc
RHATrhnl
RHATrpush
RHATsmart
SMClibgcc
and SMCosslg
may also be included in the tarball.
2.1.3.1.4. Installing the Red Hat Network Packages
pkgadd
command. Answer "yes" to any prompts during package install.
# pkgadd -d RHATpossl-0.6-1.p24.6.pkg all # pkgadd -d RHATpythn-2.4.1-2.rhn.4.sol9.pkg all # pkgadd -d RHATrhnl-1.8-7.p23.pkg all ...
Note
-n
option for pkgadd
to run the command in non-interactive mode. However, this may cause the installation of some packages to fail silently on Solaris 10.
/opt/redhat/rhn/solaris/
.
2.1.3.1.5. Including Red Hat Network Packages in the PATH
# PATH=$PATH:/opt/redhat/rhn/solaris/bin # PATH=$PATH:/opt/redhat/rhn/solaris/usr/bin # PATH=$PATH:/opt/redhat/rhn/solaris/usr/sbin # export PATH
# MANPATH=$MANPATH:/opt/redhat/rhn/solaris/man # export MANPATH
# man -M /opt/redhat/rhn/solaris/man <man page>
libgcc
, openssl
and zlib
.
crle -c /var/ld/ld.config -l <current library paths>:/opt/redhat/rhn/solaris/lib
2.1.3.2. Deploying Client SSL Certificates
/pub/
directory of the Satellite's Web server.
- Download the SSL certificate from the
/var/www/html/pub/
directory of the Red Hat Satellite onto the client system. The certificate will be named something similar toRHN-ORG-TRUSTED-SSL-CERT
. It is accessible via the web at the following URL:https://your-satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT
. - Move the client SSL certificate to the Red Hat Network-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to:
mv /path/to/RHN-ORG-TRUSTED-SSL-CERT /opt/redhat/rhn/solaris/usr/share/rhn/
2.1.3.3. Configuring the clients
- As root, change to the Red Hat Network configuration directory for the system. For Solaris, the full path is
/opt/redhat/rhn/solaris/etc/sysconfig/rhn/
. - Open the
up2date
configuration file in a text editor. - Find the
serverURL
entry and set its value to the fully qualified domain name (FQDN) of your Red Hat Satellite:serverURL[comment]=Remote server URL serverURL=https://your-satellite.example.com/XMLRPC
- Ensure the application refers to the Red Hat Satellite even when SSL is turned off by also setting the
noSSLServerURL
value to the Satellite:noSSLServerURL[comment]=Remote server URL without SSL noSSLServerURL=http://your-satellite.example.com/XMLRPC
- With the
up2date
configuration file still open, find thesslCACert
entry and set its value to the name and location of the SSL certificate described in Section 2.1.3.2, “Deploying Client SSL Certificates”, for example:sslCACert[comment]=The CA cert used to verify the ssl server sslCACert=/opt/redhat/rhn/solaris/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
2.1.4. Unix Client Registration and Updates
2.1.4.1. Registering Unix Systems
rhnreg_ks
command to accomplish this; the use of activation keys for registering your systems is optional. These keys allow you to predetermine settings within Red Hat Network, such as base channels and system groups, and to apply those automatically to systems during their registration.
- Log into the Satellite's web interface and click the Systems tab in the top navigation bar followed by Activation Keys in the left navigation bar. Then click the create new key link at the top-right corner of the page.
- On the following page, select the base channel you created at the end of Section 2.1.2, “Satellite Server Preparation/Configuration”.
- After creating the key, click its name in the Activation Keys list to enhance its Red Hat Network settings by associating software and configuration channels and system groups.
- Open a terminal on the client system to be registered and switch user to root.
- Use
rhnreg_ks
along with the--activationkey
option to register the client with the Satellite. The string of characters that make up the key may be copied directly from the Activation Keys list on the website. The resulting command will look something like the following:rhnreg_ks --activationkey=b25fef0966659314ef9156786bd9f3af
- Go back to the website, click the name of the activation key, and ensure the new system appears within the Activated Systems tab.
2.1.4.2. Obtaining Updates
2.1.4.2.1. Uploading Packages to the Satellite
solaris2mpm
to translate Solaris packages, patches, and patch clusters to a format that the Satellite can understand.
2.1.4.2.1.1. solaris2mpm
solaris2mpm
is part of Red Hat Network Push for Solaris. The content that is pushed to a Solaris channel on the Satellite must first be in .mpm format.
Note
/tmp/
will be used for this purpose. However, the --tempdir
option allows you to specify another directory if necessary.
# solaris2mpm RHATrpush-3.1.5-21.pkg RHATrpush-3.1.5-23.pkg Opening archive, this may take a while Writing out RHATrpush-3.1.5-21.sparc-solaris.mpm Opening archive, this may take a while Writing out RHATrpush-3.1.5-23.sparc-solaris.mpm
name-version-release.arch.mpm
Table 2.2. solaris2mpm options
Option | Description |
---|---|
--version
|
Displays the program's version number and exits
|
-h, --help
|
Displays this information and exits
|
-?, --usage
|
Prints program usage information and exits
|
--tempdir=<tempdir>
|
Temporary directory to work from
|
--select-arch=<arch>
|
Selects the architecture (i386 or SPARC) for multi-arch packages.
|
2.1.4.2.1.2. rhnpush
with .mpm Files
rhnpush
works like the standard utility, but with the added ability to handle .mpm files. Below is a usage example:
% rhnpush -v --server testbox.example.com --username myuser -c solaris-8 \ RHATrpush-3.1.5-*.mpm Red Hat Network password: Connecting to http://testbox.example.com/APP Uploading package RHATrpush-3.1.5-21.sparc-solaris.mpm Uploading package RHATrpush-3.1.5-23.sparc-solaris.mpm
Note
2.1.4.2.2. Updating Through the Website
2.1.4.2.3. rhnsd
rhnsd
daemon, which instructs the client system to check in with Red Hat Network, automatically starts at boot time. On Solaris systems, rhnsd
does not start at boot time by default. It can be started from the command line in this way:
rhnsd --foreground --interval=240
rhnsd
is /opt/redhat/rhn/solaris/usr/sbin/rhnsd
. Below are the available options for rhnsd
on Solaris:
Table 2.3. rhnsd
Options
Option | Description |
---|---|
-f, --foreground
|
Run in foreground
|
-i, --interval=MINS
|
Connect to Red Hat Network every MINS minutes
|
-v, --verbose
|
Log all actions to syslog
|
-h, --help
|
Give this help list
|
-u, --usage
|
Give this help list
|
-V, --version
|
Print program version
|
2.1.4.2.4. Updating From the Command Line
up2date
command. The most significant difference is the absence of all options regarding source files. See Table 2.4, “Update Agent Command Line Arguments” for the precise list of options available for UNIX systems.
Table 2.4. Update Agent Command Line Arguments
Argument | Description |
---|---|
--version | Show program version information. |
-h , --help | Show this help message and exit. |
-v , --verbose | Show additional output. |
-l , --list | List the latest versions of all packages installed. |
-p , --packages | Update packages associated with this System Profile. |
--hardware | Update this system's hardware profile on Red Hat Network. |
--showall | List all packages available for download. |
--show-available | List all the packages available that are not currently installed. |
--show-orphans | List all the packages currently installed that are not in channels the system is subscribed to. |
--show-channels | Show the channel names along with the package names where appropriate. |
--installall | Install all available packages. Use with --channel . |
--channel=CHANNEL | Specify which channels to update from using channel labels. |
--get | Fetch the package specified without resolving dependencies. |
2.1.5. Remote Commands
2.1.5.1. Enabling Commands
script
, the file must be named run
, and both must be located in the /etc/sysconfig/rhn/allowed-actions/
directory specific to your UNIX variant.
mkdir -p /opt/redhat/rhn/solaris/etc/sysconfig/rhn/allowed-actions/script
touch /opt/redhat/rhn/solaris/etc/sysconfig/rhn/allowed-actions/script/run
2.1.5.2. Issuing Commands
Chapter 3. Red Hat Satellite Proxy Information
3.1. Using the Red Hat Network Package Manager and Serving Local Packages through the Red Hat Network Proxy
spacewalk-proxy-package-manager
package and its dependencies.
*.rpm
) are stored on the Red Hat Network Proxy Server.
/etc/rhn/rhn.conf
configuration file.
rhn_package_manager
:
Table 3.1. rhn_package_manager
options
Option | Description |
---|---|
-v , --verbose | Increase verbosity. |
-d DIR, --dir= DIR | Process packages from directory DIR. |
-c CHANNEL, --channel= CHANNEL | Manage this channel - may be present multiple times. |
-n NUMBER, --count= NUMBER | Process this number of headers per call - the default is 32. |
-l , --list | List each package name, version number, release number, and architecture in the specified channel(s). |
-s , --sync | Check if local directory is in sync with the server. |
-p , --printconf | Print the current configuration and exit. |
-X PATTERN, --exclude= PATTERN | Exclude files matching this glob expression - can be present multiple times. |
--newest | Push only the packages that are newer than packages already pushed to the server for the specified channel. |
--stdin | Read the package names from stdin. |
--nosig | Push unsigned packages. By default the Red Hat Network Package Manager attempts to push only signed packages. |
--username= USERNAME | Specify your Red Hat Network username. If you do not provide one with this option, you will be prompted for it. |
--password= PASSWORD | Specify your Red Hat Network password. If you do not provide one with this option, you will be prompted for it. |
--source | Upload source package headers. |
--dontcopy | In the post-upload step, do not copy the packages to their final location in the package tree. |
--test | Only print the packages to be pushed. |
--no-ssl | Not recommended - Turn off SSL. |
-? , --usage | Briefly describe the options. |
--copyonly | Copies the file listed in the argument into the specified channel. Useful when a channel on the proxy is missing a package and you don't want to reimport all of the packages in the channel. E.g., rhn_package_manager -c CHANNEL--copyonly /PATH/TO/MISSING/FILE |
-h , --help | Display the help screen with a list of options. |
Note
rhn_package_manager
man page: man rhn_package_manager
.
- Create a private channel.
- Upload the local packages into the channel.
3.1.1. Creating a Private Channel
- Log in to the Red Hat Network Web interface at https://rhn.redhat.com or to the local Red Hat Satellite server in the network.
- Click Channels on the top navigation bar. If the Manage Channels option is not present in the left navigation bar, ensure that this user has channel editing permissions set. Do this through the Users category accessible through the top navigation bar.
- In the left navigation bar, click Manage Software Channels and then the create new channel button at the top-right corner of the page.
- Select a parent channel and base channel architecture, then enter a name, label, summary, and description for the new private channel. The channel label must: be at least six characters long, begin with a letter, and contain only lowercase letters, digits, dashes (-), and periods(.). Also enter the URL of the channel's GPG key. Although this field is not required, it is recommended to enhance security. For instructions on generating GPG keys, see the Red Hat Network Channel Management Guide.
- Click Create Channel.
3.1.2. Uploading Packages
Note
rhn_package_manager -c "label_of_private_channel" pkg-list
/var/spool/rhn-proxy/rhn
.
pkg-list
is the list of packages to be uploaded. Alternatively, use the -d
option to specify the local directory that contains the packages to add to the channel. Ensure that the directory contains only the packages to be included and no other files. Red Hat Network Package Manager can also read the list of packages from standard input (using --stdin
).
rhn_package_manager -c "label_of_private_channel" --source pkg-list
-c
or --channel
), the uploaded package headers will be linked to all the channels listed.
Note
rhn_package_manager -s -c "label_of_private_channel"
-s
option will list all the missing packages (packages uploaded to the Red Hat Network Server not present in the local directory). You must be an Organization Administrator to use this command. The script will prompt you for your Red Hat Network username and password.
Chapter 4. Custom Package Management
4.1. Building Packages for Red Hat Network
4.1.1. RPM Benefits
- Easy Upgrades
- Using RPM, you upgrade individual components of a system without completely reinstalling. When Red Hat releases a new version of Red Hat Enterprise Linux, users do not have to reinstall in order to upgrade. RPM allows intelligent, fully-automated, in-place upgrades of the system. Configuration files in packages are preserved across upgrades so users do not lose customizations. There are no special upgrade files needed to update a package because the same RPM file is used to install and upgrade the package.
- Package Querying
- RPM provides querying options that allows a search through the entire RPM database for all packages or just for certain files. RPM can also find out what package the file belongs to and where the package came from. The files contained in the package are in a compressed archive, with a custom binary header containing useful information about the package and its contents. RPM queries the headers quickly and easily.
- System Verification
- Another feature is the ability to verify packages. If there are concerns that a file related to a package was deleted, verify the package to check the status of the files it provides. The verification notifies you of any anomalies. If errors do exist, the files are reinstalled easily. Modified configuration files are preserved during reinstallation.
- Pristine Sources
- A crucial design goal of RPM is to allow the use of pristine software sources, as distributed by the original authors of the software. With RPM, the pristine sources can be packaged, along with any patches that were used, plus complete build instructions. This is an important advantage for several reasons. For instance, if a new version of a program is released, it is unnecessary to start from scratch to make it compile. Looking at the match may allow you to see what you might need to do. All the compiled-in defaults and changes made to get the software to build properly are easily visible using this technique.Keeping sources pristine may seem important only to developers, but it results in higher quality software for end users as well.
4.1.2. Red Hat Network RPM Guidelines
- Learn RPM. It is crucial to have a fundamental understanding of the important features of RPM to build packages properly. For more information about RPM, start with the following resources:
- When building an RPM for a child channel, build the package on a fresh install of Red Hat Enterprise Linux of the same version as the child's base channel. Be sure to apply all updates from Red Hat Network first.
- The RPM package must install without using the
--force
or--nodeps
options. If an RPM cannot be installed cleanly on a build system, Red Hat Network cannot install it automatically on a system. - The RPM package filename must be in the NVR (name, version, release) format and must contain the architecture for the package. The proper format is
name-version-release.arch.rpm
. For example, a valid RPM package filename ispkgname-0.84-1.i386.rpm
, where name is pkgname, version is 0.84, release is 1, and arch is i386. - The RPM package should be signed by the maintainer of the package. Unsigned packages may be distributed through Red Hat Network, but the yum updater must be forced to accept them. Signing packages is highly recommended and is covered in Section 4.2, “Digital Signatures for Red Hat Network Packages”.
- If the package is changed in any way, including changing the signature or recompiling, the version or release must be increased incrementally. In other words, the NVRA (including architecture) for each RPM distributed through Red Hat Network must correspond to a unique build to avoid ambiguities.
- No RPM package may obsolete itself.
- If a package is split into separate packages, be extremely careful with the dependencies. Do not split an existing package unless there is a compelling reason to do so.
- No package may rely upon interactive pre-install, post-install, pre-uninstall, or post-uninstall scripts. If the package requires direct user intervention during installation, it cannot work with Red Hat Network.
- Any pre-install, post-install, pre-uninstall, and post-uninstall scripts should never write anything to stderr or stdout. Redirect the messages to
/dev/null
if they are not necessary. Otherwise, write them to a file. - When creating the spec file, use the group definitions from
/usr/share/doc/rpm-<version>/GROUPS
. If there is not an exact match, select the next best match. - Use the RPM dependency feature to make sure the program runs after it is installed.
Important
4.2. Digital Signatures for Red Hat Network Packages
4.2.1. Generating a GnuPG Keypair
- Type the following command as the root user on the shell prompt:
gpg --gen-key
GPG Keypairs should not be created by non-root users. The root user can lock memory pages which means the information is never written to disk, unlike non-root users. - After executing the command to generate a keypair, an introductory screen containing key options similar to the following will appear:
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection?
- Choose the option: (2) DSA and ElGamal. This option allows you to create a digital signature and encrypt/decrypt with two types of technologies. Type
2
and then press Enter. - Choose the key size, which is how long the key should be. The longer the key, the more resistant against attacks the messages are. Creating a key of at least 2048 bits in size is recommended.
- The next option will ask to specify how long the key needs to be valid. When choosing an expiration date, remember that anyone using the public key must also be informed of the expiration and supplied with a new public key. It is recommended to not select an expiration date. If an expiration date is not specified, you are asked to confirm your decision:
Key does not expire at all Is this correct (y/n)?
- Press y to confirm your decision.
- Provide a User-ID containing your name, your email address, and an optional comment. Each of these is requested individually. When finished, you are presented with a summary of the information you entered.
- Accept your choices and enter a passphrase.
Note
Like your account passwords, a good passphrase is essential for optimal security in GnuPG. Mix your passphrase with uppercase and lowercase letters, use numbers, and/or include punctuation marks. - Once you enter and verify your passphrase, the keys are generated. A message similar to the following appears:
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++.+++++.++++++++....++++++++++..+++++.+++++.+++++++.+++++++ +++. ++++++++++++++++++++++++++++++++++++++..........................++++
When the activity on the screen ceases, your new keys are placed in the directory.gnupg
in root's home directory. This is the default location of keys generated by the root user.
gpg --list-keys
gpg: key D97D1329 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: next trustdb check due at 2013-08-28 pub 2048D/D97D1329 2013-08-27 [expires: 2013-08-28] Key fingerprint = 29C7 2D2A 5F9B 7FF7 6411 A9E7 DE3E 5D0F D97D 1329 uid Your Name<you@example.com> sub 2048g/0BE0820D 2013-08-27 [expires: 2013-08-28]
gpg --export -a 'Your Name' > public_key.txt
public_key.txt
.
yum
. Techniques for deploying this key across an organization are covered in the Red Hat Network Client Configuration Guide.
4.2.2. Signing packages
~/.rpmmacros
file to include the following:
%_signature gpg %_gpg_name B7085C8A
_gpg_name
key ID value of B7085C8A with the key ID from your GPG keyring that you use to sign packages. This value tells RPM which signature to use.
rpm --resign package-name-1.0-1.noarch.rpm
rpm --checksig -v package-name-1.0-1.noarch.rpm
Note
rpm --checksig -v
command, import the gpg key. See Section 4.3, “Importing Custom GPG Keys” in the next section for more information.
4.3. Importing Custom GPG Keys
cp /some/path/YOUR-RPM-GPG-KEY /var/www/html/pub/
wget -O- -q http://your_proxy_or_sat.your_domain.com/pub/YOUR-RPM-GPG-KEY
-O-
option sends results to standard output while the -q
option sets Wget to run in quiet mode. Remember to replace the YOUR-RPM-GPG-KEY variable with the filename of your key.
rpm --import /path/to/YOUR-RPM-GPG-KEY
Note
Chapter 5. Troubleshooting
tail -f
command for all log files and then run yum list
. You should then examine all new log entries for potential clues.
- 5.1. Disk Space
- 5.2. Installing and Updating
- 5.3. Services
- 5.4. Connectivity
- 5.5. Logging and Reporting
- 5.6. Errors
- Q: I'm getting an "Error validating satellite certificate" error during a Red Hat Satellite installation. How do I fix it?
- Q: I'm getting an "ERROR: server.mount_point not set in the configuration file" error when I try to activate or synchronize the Red Hat Satellite. How do I fix it?
- Q: Why does cobbler check give an error saying that it needs a different version of yum-utils?
- Q: I'm getting an "unsupported version" error when I try to activate the Red Hat Satellite certificate. How do I fix it?
- Q: I'm getting an "Internal Server Error" complaining about ASCII when I try to edit the kickstart profile. What's going on?
- Q: I'm getting "Host Not Found" or "Could Not Determine FQDN" errors. What do I do now?
- Q: I'm getting a "This server is not an entitled Satellite" when I try to synchronize the Red Hat Satellite server. How do fix it?
- 5.7. Web Interface
- 5.8. Anaconda
- 5.9. Tracebacks
- 5.10. Registration
- 5.11. Kickstarts and Snippets
- 5.12. Monitoring
- 5.13. Multi-Organization Satellites and Satellite Certificate
- 5.14. Proxy Installation and Configuration
- Q: After configuring the Red Hat Network Package Manager how can I determine if the local packages were successfully added to the private Red Hat Network channel?
- Q: How can I determine whether the clients are connecting to the Squid server?
- Q: The Red Hat Update Agent on the client systems does not connect through the Red Hat Satellite Proxy. How can I resolve this error?
- Q: My Red Hat Satellite Proxy configuration does not work. Where do I begin troubleshooting it?
- Q: How do I troubleshoot general problems in the Red Hat Satellite Proxy?
- Q: My Red Hat Satellite Proxy encountered the error "Host Not Found"/"Could not Determine FQDN". What should I do?
- Q: I am having issues with Red Hat Satellite Proxy and network connection errors. What should I do?
- Q: I am having issues with package delivery errors and object corruption. What should I check for?
5.1. Disk Space
# df -h
# /usr/sbin/rhn-satellite status
# service httpd status
5.2. Installing and Updating
audit.log
files available so that Red Hat Support personnel can assist you. You can find the file in /var/log/audit/audit.log
and can attach the file to your Support ticket for engineers to assist you.
/var/satellite
to an NFS mount, and now SELinux is stopping it from working properly. What do I need to do?
# /usr/sbin/setsebool -P spacewalk_nfs_mountpoint on
# /usr/sbin/setsebool -P cobbler_use_nfs on
- Red Hat Developer Suite
- Red Hat Application Server
- Red Hat Extras
- JBoss product channels
5.3. Services
/etc/hosts
file may be incorrect.
# service taskomatic status
# db-control status
# service jabberd stop # rm -f /var/lib/jabberd/db/_db* # service jabberd start
5.4. Connectivity
- Attempt to connect to the Red Hat Satellite's database at the command line using the correct connection string as found in
/etc/rhn/rhn.conf
:# sqlplus username/password@sid
- Make sure that Red Hat Satellite is using Network Time Protocol (NTP) and set to the appropriate time zone. This also applies to all client systems and the separate database machine in Red Hat Satellite with Stand-Alone Database.
- Confirm the correct package:
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
is installed on the Red Hat Satellite and the correspondingrhn-org-trusted-ssl-cert-*.noarch.rpm
or raw CA SSL public (client) certificate is installed on all client systems. - Verify the client systems are configured to use the appropriate certificate.
- If also using one or more Red Hat Satellite Proxy Servers, ensure each Proxy's SSL certificates are prepared correctly. The Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. See the SSL Certificates chapter of the Red Hat Satellite Client Configuration Guide for specific instructions.
- Make sure client systems are not using firewalls of their own, blocking required ports as identified in the Red Hat Satellite Installation Guide's Additional Requirements section.
# rm -rf temporary-directory
Note
/var/rhn-sat-import/
as the temporary directory.
SSL_CONNECT
errors, is the result of a Satellite being installed on a machine whose time had been improperly set. During the Satellite installation process, SSL certificates are created with inaccurate times. If the Satellite's time is then corrected, the certificate start date and time may be set in the future, making it invalid.
# date
# openssl x509 -dates -noout -in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# openssl x509 -dates -noout -in /etc/httpd/conf/ssl.crt/server.crt
5.5. Logging and Reporting
/var/log/rhn/
directory. These are rotated logs, which are log files created with a .<NUMBER> extension when the current rhn_satellite_install.log
file fills up to a size as specified by the logrotate(8)
daemon and the contents written to a rotated log file. For example, the rhn_satellite_install.log.1
contains the oldest rotated log file, while rhn_satellite_install.log.4
contains the most recently rotated log.
Table 5.1. Log Files
Component/Task | Log File Location |
---|---|
Apache Web server | /var/log/httpd/ directory |
Red Hat Satellite | /var/log/rhn/ directory |
Red Hat Satellite Installation Program | /var/log/rhn/rhn_satellite_install.log |
Database installation - Embedded Database | /var/log/rhn/install_db.log |
Database population | /var/log/rhn/populate_db.log |
Red Hat Satellite Synchronization Tool | /var/log/rhn/rhn_server_satellite.log |
Monitoring infrastructure | /var/log/nocpulse/ directory |
Monitoring notifications | /var/log/notification/ directory |
Red Hat Network DB Control - Embedded Database | /var/log/rhn/rhn_database.log |
Red Hat Network Task Engine (taskomatic) | /var/log/messages |
yum | /var/log/yum.log |
XML-RPC transactions | /var/log/rhn/rhn_server_xmlrpc.log |
spacewalk-report
?
spacewalk-report
command to gather and display vital Satellite information at once.
Note
spacewalk-report
you must have the spacewalk-reports
package installed.
spacewalk-report
allows administrators to organize and display reports about content, errata, systems, system event history, and user resources across the Satellite. The spacewalk-report
command is used to generate reports on:
- System Inventory - Lists all of the systems registered to the Satellite.
- Entitlements - Lists all organizations on the Satellite, sorted by system or channel entitlements.
- Errata - Lists all the errata relevant to the registered systems, sorts errata by severity as well as the systems that apply to a particular erratum.
- Users - Lists all the users registered to the Satellite, and lists any systems associated with a particular user.
- System History - Lists all, or a subset, of the system events that have occurred.
# spacewalk-report report_name
Table 5.2. spacewalk-report
Reports
Report | Invoked as | Description |
---|---|---|
System Inventory | inventory | List of systems registered to the server, together with hardware and software information |
Entitlements | entitlements | Lists all organizations on the Satellite with their system or channel entitlements |
Errata in channels | errata-channels | Lists errata in channels |
All Errata | errata-list-all | Complete list of all errata |
Errata for systems | errata-systems | Lists applicable errata and any registered systems that are affected |
Users in the system | users | Lists all users registered to the Satellite |
Systems administered | users-systems | Lists systems that can be administered by individual users |
Kickstart Trees | kickstartable-trees | Lists trees able to be kickstarted |
System history | system-history | Lists system event history |
System history channels | system-history-channels | Lists system event history |
System history configuration | system-history-configuration | Lists system configuration event history |
System history entitlements | system-history-entitlements | Lists system entitlement event history |
System history errata | system-history-errata | Lists system errata event history |
System history kickstart | system-history-kickstart | Lists system kickstart and provisioning event history |
System history packages | system-history-packages | Lists system package event history |
spacewalk-report
with the --info
or --list-fields-info
and the report name. The description and list of possible fields in the report will be shown.
spacewalk-report(8)
manpage as well as the --help
parameter of the spacewalk-report
program can be used to get additional information about the program invocations and their options.
# rhn-schema-version
# rhn-charsets
traceback_mail
in /etc/rhn/rhn.conf
.
web.default_mail_from
option and appropriate value in /etc/rhn/rhn.conf
.
5.6. Errors
install.log
file, and locating the following error:
ERROR: unhandled exception occurred: Traceback (most recent call last): File "/usr/bin/rhn-satellite-activate", line 45, in ? sys.exit(abs(mod.main() or 0)) File "/usr/share/rhn/satellite_tools/rhn_satellite_activate.py", line 585, in main activateSatellite_remote(options) File "/usr/share/rhn/satellite_tools/rhn_satellite_activate.py", line 291, in activateSatellite_remote ret = s.satellite.deactivate_satellite(systemid, rhn_cert) File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 603, in __call__ return self._send(self._name, args) File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 326, in _request self._handler, request, verbose=self._verbose) File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 171, in request headers, fd = req.send_http(host, handler) File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 698, in send_http self._connection.connect() File "/usr/lib/python2.4/site-packages/rhn/connections.py", line 193, in connect sock.connect((self.host, self.port)) File "<string>", line 1, in connect socket.timeout: timed out
- Run the install script in disconnected mode, and skip the database installation which has already been done:
# ./install.pl --disconnected --skip-db-install
- Open
/etc/rhn/rhn.conf
with your preferred text editor, and add or modify the following line:server.satellite.rhn_parent = satellite.rhn.redhat.com
Remove the following line:disconnected=1
If you are using a proxy for the connection to Red Hat Network, you will also need to add or modify the following lines to reflect the proxy settings.server.satellite.http_proxy = <hostname>:<port> server.satellite.http_proxy_username = <username> server.satellite.http_proxy_password = <password>
- Re-activate the Satellite in connected mode, using the
rhn-satellite-activate
command as the root user, including the path and filename of the satellite certificate:# rhn-satellite-activate --rhn-cert=/path/to/file.cert
install.pl
script in connected mode, but with the --answer-file=answer file
option. Ensure the answer file has the HTTP proxy information specified as follows:
rhn-http-proxy = <hostname>:<port> rhn-http-proxy-username = <username> rhn-http-proxy-password = <password>
mount_point
configuration parameter in /etc/rhn/rhn.conf
does not point to a directory path, or the directory path it points to is not present or does not have permission to access the directory.
mount_point
configuration parameter in /etc/rhn/rhn.conf
. If it set to the default value of /var/satellite
, verify that the /var/satellite
and /var/satellite/redhat
directories exist. For all values, check that path to the file is accurate, and that the permissions are set correctly.
cobbler check
give an error saying that it needs a different version of yum-utils
?
cobbler check
command can give an error similar to the following:
# cobbler check The following potential problems were detected: #0: yum-utils need to be at least version 1.1.17 for reposync -l, current version is 1.1.16
reposync
package. The error is spurious and can be safely ignored. This error will be resolved in future versions of Red Hat Satellite.
ERROR: <Fault -2: 'unhandled internal exception: unsupported version: 96'>
RHN_PARENT: satellite.rhn.redhat.com Error reported from RHN: <Fault -2: 'unhandled internal exception: unsupported version: 115'> ERROR: unhandled XMLRPC fault upon remote activation: <Fault -2: 'unhandled internal exception: unsupported version: 115'> ERROR: <Fault -2: 'unhandled internal exception: unsupported version: 115'>
Invalid satellite certificate
'ascii' codec can't encode character u'\u2013'
- Ssh directly onto the Satellite server as the root user:
# ssh root@satellite.fqdn.com
- Find the kickstart profile that is causing the problem by looking at the dates of the files in
/var/lib/cobbler/config/profiles.d
and locating the one that was edited most recently:# ls -l /var/lib/cobbler/config/profiles.d/
- Open the profile in your preferred text editor, and locate the following text:
\u2013hostname
Change the entry to read:--hostname
- Save changes to the profile and close the file.
- Restart the Red Hat Satellite services to pick up the updated profile:
# rhn-satellite restart Shutting down rhn-satellite... Stopping RHN Taskomatic... Stopped RHN Taskomatic. Stopping cobbler daemon: [ OK ] Stopping rhn-search... Stopped rhn-search. Stopping MonitoringScout ... [ OK ] Stopping Monitoring ... [ OK ] Stopping httpd: [ OK ] Stopping tomcat5: [ OK ] Shutting down osa-dispatcher: [ OK ] Shutting down Oracle Net Listener ... [ OK ] Shutting down Oracle DB instance "rhnsat" ... [ OK ] Shutting down Jabber router: [ OK ] Done. Starting rhn-satellite... Starting Jabber services [ OK ] Starting Oracle Net Listener ... [ OK ] Starting Oracle DB instance "rhnsat" ... [ OK ] Starting osa-dispatcher: [ OK ] Starting tomcat5: [ OK ] Starting httpd: [ OK ] Starting Monitoring ... [ OK ] Starting MonitoringScout ... [ OK ] Starting rhn-search... Starting cobbler daemon: [ OK ] Starting RHN Taskomatic... Done.
- Return to the web interface. Note that the interface can take some time to resolve the services. It should return to normal after some time.
/etc/hosts
file. You may confirm this by examining /etc/nsswitch.conf
, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts
file is checked first, followed by Network Information Service (NIS) if used, followed by DNS. One of these has to succeed for the Apache Web server to start and the Red Hat Network client applications to work.
/etc/hosts
file. It may look like this:
127.0.0.1 this_machine.example.com this_machine localhost.localdomain \ localhost
127.0.0.1 localhost.localdomain.com localhost
127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.com this_machine
satellite-sync
reports that the server is not activated as a Red Hat Satellite, it isn't subscribed to the respective Red Hat Satellite channel. If this is a newly installed system, make sure that the satellite certificate is activated on the system. If it was activated earlier, then it has become deactivated.
# yum repolist
# rhn-satellite-activate -vvv --rhn-cert=/path/to/certificate
5.7. Web Interface
/var/log/tomcat6/catalina.out
log file.
/var/log/httpd/error_log
log file.
5.8. Anaconda
Error downloading kickstart file
. What is the problem and how do I fix it?
cobbler check
command, and read the output, which should look something like this:
# cobbler check The following potential problems were detected: #0: reposync is not installed, need for cobbler reposync, install/upgrade yum-utils? #1: yumdownloader is not installed, needed for cobbler repo add with --rpm-list parameter, install/upgrade yum-utils? #2: The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed #3: fencing tools were not found, and are required to use the (optional) power management features. install cman to use them
cobbler check
does not provide any answers, check the following:
- Verify
httpd
is running:service httpd status
- Verify
cobblerd
is running:service cobblerd status
- Verify that you can fetch the kickstart file using
wget
from a different host:wget http://satellite.example.com/cblr/svc/op/ks/profile/rhel5-i386-u3:1:Example-Org
The file chkconfig-1.3.30.1-2.i386.rpm cannot be opened
. What is the problem and how do I fix it?
--url
parameter in the kickstart. For example:
url --url http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3
200 OK
response. You can do this by attempting to wget
the file located at that URL:
wget http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3 --2011-08-19 15:06:55-- http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3 Resolving satellite.example.com... 10.10.77.131 Connecting to satellite.example.com|10.10.77.131|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 0 [text/plain] Saving to: `ks-rhel-i386-server-5-u3.1' 2011-08-19 15:06:55 (0.00 B/s) - `ks-rhel-i386-server-5-u3.1' saved [0/0]
200 OK
, check the error logs to find out what the problem is. You can also check the actual file Anaconda tried to download by searching the access_log
file:
# grep chkconfig /var/log/httpd/access_log 10.10.77.131 - - [19/Aug/2011:15:12:36 -0400] "GET /rhn/common/DownloadFile.do?url=/ks/dist/ks-rhel-i386-server- 5-u3/Server /chkconfig-1.3.30.1-2.i386.rpm HTTP/1.1" 206 24744 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.76.143 - - [19/Aug/2011:15:12:36 -0400] "GET /ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig- 1.3.30.1-2.i386.rpm HTTP/1.1" 206 24744 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.76.143 - - [19/Aug/2011:15:14:20 -0400] "GET /ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig- 1.3.30.1-2.i386.rpm HTTP/1.1" 200 162580 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.77.131 - - [19/Aug/2011:15:14:20 -0400] "GET /rhn/common/DownloadFile.do?url=/ks/dist/ks-rhel-i386-server- 5-u3/Server/chkconfig-1.3.30.1-2.i386.rpm HTTP/1.1" 200 162580 "-" "urlgrabber/3.1.0 yum/3.2.19"
access_log
file, the system might be having trouble with the networking setup. If the requests are appearing but are generating errors, check the error logs.
wget http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig-1.3.30.1-2.i386.rpm
5.9. Tracebacks
Subject: WEB TRACEBACK from satellite.example.com Date: Wed, 19 Aug 2011 20:28:01 -0400 From:Red Hat Satellite <dev-null@redhat.com> To: admin@example.com java.lang.RuntimeException: XmlRpcException calling cobbler. at com.redhat.rhn.manager.kickstart.cobbler.CobblerXMLRPCHelper.invokeMethod(CobblerXMLRPCHelper.java:72) at com.redhat.rhn.taskomatic.task.CobblerSyncTask.execute(CobblerSyncTask.java:76) at com.redhat.rhn.taskomatic.task.SingleThreadedTestableTask.execute(SingleThreadedTestableTask.java:54) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: redstone.xmlrpc.XmlRpcException: The response could not be parsed. at redstone.xmlrpc.XmlRpcClient.handleResponse(XmlRpcClient.java:434) at redstone.xmlrpc.XmlRpcClient.endCall(XmlRpcClient.java:376) at redstone.xmlrpc.XmlRpcClient.invoke(XmlRpcClient.java:165) at com.redhat.rhn.manager.kickstart.cobbler.CobblerXMLRPCHelper.invokeMethod(CobblerXMLRPCHelper.java:69) ... 4 more Caused by: java.io.IOException: Server returned HTTP response code: 503 for URL: http://someserver.example.com:80/cobbler_api at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1236) at redstone.xmlrpc.XmlRpcClient.handleResponse(XmlRpcClient.java:420) ... 7 more
taskomatic
service. Try checking the following:
- Verify
httpd
is running:# service httpd status
- Verify
cobblerd
is running:# service cobblerd status
- Verify that there are no firewall rules that would prevent
localhost
connections
5.10. Registration
rhnreg_ks
command is failing when I run it, saying ERROR: unable to read system id
. What is the problem?
%post
section that registers the machine to the Red Hat Satellite:
# begin Red Hat management server registration mkdir -p /usr/share/rhn/ wget http://satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/* rhnreg_ks --serverUrl=https://satellite.example.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-c8d01e2f23c6bbaedd0f6507e9ac079d # end Red Hat management server registration
- Create a directory to house the custom SSL cert used by the Red Hat Satellite.
- Fetch the SSL certificate to use during registration.
- Search and replace the SSL certificate strings from the
rhn_register
configuration files, and then register to the Red Hat Satellite using the SSL certificate and an activation key. Every kickstart profile includes an activation key that assures that the system is assigned the correct base and child channels, and gets the correct system entitlements. If it is a reprovisioning of an existing system, the activation key will also ensure it is associated with the previous system profile.
rhnreg_ks
command fails, you might see errors like this in the ks-post.log
log file:
ERROR: unable to read system id.
rhn_check
and the system has not registered to the Red Hat Satellite.
5.11. Kickstarts and Snippets
/var/lib/rhn/kickstarts/
. Within this directory, raw kickstarts are in the upload
subdirectory, and wizard-generated kickstarts are in the wizard
subdirectory:
Raw Kickstarts: /var/lib/rhn/kickstarts/upload/$profile_name--$org_id.cfg Wizard Kickstarts: /var/lib/rhn/kickstarts/wizard/$profile_name--$org_id.cfg
/var/lib/rhn/kickstarts/snippets
. Cobbler accesses snippets using the symbolic link /var/lib/cobbler/snippets/spacewalk
.
Snippets: /var/lib/rhn/kickstarts/snippets/$org_id/$snippet_name
Important
5.12. Monitoring
nocpulse
user on the Satellite conducting the monitoring.
nocpulse
user with the following command:
su - nocpulse
rhn-catalog
on the Red Hat Satellite Server as the nocpulse
user. The output will resemble:
2 ServiceProbe on example1.redhat.com (199.168.36.245): test 2 3 ServiceProbe on example2.redhat.com (199.168.36.173): rhel2.1 test 4 ServiceProbe on example3.redhat.com (199.168.36.174): SSH 5 ServiceProbe on example4.redhat.com (199.168.36.175): HTTP
--commandline
(-c
) and --dump
(-d
) options along with a probe ID to rhn-catalog
to obtain additional details about the probe, like so:
rhn-catalog --commandline --dump 5
--commandline
option yields the command parameters set for the probe, while --dump
retrieves everything else, including alert thresholds and notification intervals and methods.
5 ServiceProbe on example4.redhat.com (199.168.36.175 ): linux:cpu usage Run as: Unix::CPU.pm --critical=90 --sshhost=199.168.36.175 --warn=70 --timeout=15 --sshuser=nocpulse --shell=SSHRemoteCommandShell --sshport=4545
rhn-runprobe
to examine the probe's output.
rhn-runprobe
?
rhn-catalog
, use it in conjunction with rhn-runprobe
to examine the complete output of the probe. Note that by default, rhn-runprobe
works in test mode, meaning no results are entered in the database. Here are its options:
Table 5.3. rhn-runprobe
Options
Option | Description |
---|---|
--help | List the available options and exit. |
--probe=PROBE_ID | Run the probe with this ID. |
--prob_arg=PARAMETER | Override any probe parameters from the database. |
--module=PERL_MODULE | Package name of alternate code to run. |
--log=all=LEVEL | Set log level for a package or package prefix. |
--debug=LEVEL | Set numeric debugging level. |
--live | Execute the probe, queue data and send out notifications (if needed). |
--probe
option, the --log
option, and values for each. The --probe
option takes the probeID as its value and the --log
option takes the value "all" (for all run levels) and a numeric verbosity level as its values. Here is an example:
rhn-runprobe --probe=5 --log=all=4
rhn-catalog
, like so:
rhn-runprobe 5 --log=all=4 --sshuser=nocpulse --sshport=4545
5.13. Multi-Organization Satellites and Satellite Certificate
- In the
/etc/rhn/rhn.conf
file, setweb.force_unentitlement
to 1. - Restart the Satellite.
- Reduce the allocated entitlements to the desired organizations either via each organization's Subscriptions tab or via individual entitlement's Organizations tabs.
- A number of systems in the organization should now be in an unentitled state. The number of systems unentitled in the organization will be equal to the difference between the total number of entitlements you removed from the organization and the number of entitlements the organization did not have applied to the systems.For example, if you removed 10 entitlements from the organization in step 3, and the organization has 4 entitlements that were not in use by systems, then 6 systems in the organization will be unentitled.
web.force_unentitlement
variable is only necessary to reduce an organization's allocated entitlements below what they are using. If an organization has more entitlements than are being actively used, you do not need to set this variable to remove them.
5.14. Proxy Installation and Configuration
rhn_package_manager -l -c "name_of_private_channel"
to list the private channel packages known to the Satellite. Or visit the Satellite interface.
yum --disablerepo="*" --enablerepo="your_repo_name" list available
on the registered system and look for the packages from the private Satellite channel.
/var/log/squid/access.log
file logs all connections to the Squid server.
yum update yum
as root or from http://www.redhat.com/support/errata/.
/etc/sysconfig/rhn/systemid
is owned by root.apache with the permissions 0640.
df -h
service httpd status
service squid status
traceback_mail
in /etc/rhn/rhn.conf
.
/etc/hosts
file. Confirm this by examining the /etc/nsswitch.conf
file, which defines the methods and the order by which domain names are resolved. Usually, the /etc/hosts
file is checked first, followed by Network Information Service (NIS) if it is being used, followed by DNS. One of these has to succeed for the Apache Web server to start and the Red Hat Network client applications to work.
/etc/hosts
file. It may look like this:
127.0.0.1 this_machine.example.com this_machine localhost.localdomain \ localhost
127.0.0.1 localhost.localdomain.com localhost
127.0.0.1 localhost.localdomain.com localhost 123.45.67.8 this_machine.example.com this_machine
- Confirm the correct package:
rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm
is installed on the Red Hat Satellite Proxy and the correspondingrhn-org-trusted-ssl-cert-*.noarch.rpm
or raw CA SSL public (client) certificate is installed on all client systems. - Verify the client systems are configured to use the appropriate certificate.
- If using one or more Red Hat Satellite Proxies, ensure each Proxy's SSL certificate is prepared correctly. If using the Red Hat Satellite Proxy in conjunction with a Red Hat Satellite, the Proxy should have both its own server SSL key-pair and CA SSL public (client) certificate installed, since it will serve in both capacities. See the SSL Certificates chapter of the Red Hat Satellite Client Configuration Guide for specific instructions.
- If the Red Hat Satellite Proxy is connecting through an HTTP Proxy, make sure the URL listed is valid. For instance, the HTTP Proxy URL field should not contain references to protocols, such as http:// or https://. Only the hostname and port should be included in the form hostname:port, such as
your-gateway.example.com:8080
. - Make sure client systems are not using firewalls of their own, blocking required ports, as identified in the Additional Requirements section of the Red Hat Satellite Proxy Installation Guide.
/var/spool/squid/
. To clear it:
- Stop the Apache Web server:
service httpd stop
- Stop the Squid server:
service squid stop
- Delete the contents of that directory:
rm -fv /var/cache/rhn/*
- Restart both services:
service squid start service httpd start
rm -fv /var/cache/rhn/*
Note
satellite-debug
. To use this tool, issue the command as root. You will see the pieces of information collected and the single tarball created, like so:
# satellite-debug Collecting and packaging relevant diagnostic information. Warning: this may take some time... * copying configuration information * copying logs * querying RPM database (versioning of Red Hat Satellite, etc.) * querying schema version and database character sets * get diskspace available * timestamping * creating tarball (may take some time): /tmp/satellite-debug.tar.bz2 * removing temporary debug tree Debug dump created, stored in /tmp/satellite-debug.tar.bz2 Deliver the generated tarball to your Red Hat Network contact or support channel.
/tmp/
directory to your Red Hat representative for immediate diagnosis.
sosreport
. This tool collects your Proxy's configuration parameters, log files, and database information and sends it directly to Red Hat.
sos
package installed. Type sosreport -o rhn
as root on the Satellite server to create a report. For example:
[root@satserver ~]# sosreport -o rhn sosreport (version 1.7) This utility will collect some detailed information about the hardware and setup of your Red Hat Enterprise Linux system. The information is collected and an archive is packaged under /tmp, which you can send to a support representative. Red Hat will use this information for diagnostic purposes ONLY and it will be considered confidential information. This process may take a while to complete. No changes will be made to your system. Press ENTER to continue, or CTRL-C to quit.
/tmp/
directory to your Red Hat representative for immediate diagnosis.
Appendix A. Probes
rhnmd
). This requirement is noted within the individual probe reference.
Note
A.1. Probe Guidelines
- Unknown
- The probes that cannot collect the metrics needed to determine probe state. Most (though not all) probes enter this state when exceeding their timeout period. Probes in this state may be configured incorrectly, as well.
- Pending
- The probes whose data has not been received by the Red Hat Satellite. It is normal for new probes to be in this state. However, if all probes move into this state, the monitoring infrastructure may be failing.
- OK
- The probes that have run successfully without error. This is the desired state for all probes.
- Warning
- The probes that have crossed their WARNING thresholds.
- Critical
- The probes that have crossed their CRITICAL thresholds or reached a critical status by some other means. (Some probes become critical when exceeding their timeout period.)
Important
A.2. Apache 1.3.x and 2.0.x
https
and the port to 443
.
A.2.1. Apache::Processes
- Data Transferred Per Child - Records data transfer information about individual children. A child process is one that is created from the parent process or another process.
- Data Transferred Per Slot - The cumulative amount of data transferred by a child process that restarts. The number of slots is configured in the
httpd.conf
file using theMaxRequestsPerChild
setting.
ExtendedStatus
directive in the httpd.conf
file of the Web server must be set to On
for this probe to function properly.
Table A.1. Apache::Processes settings
Field | Value |
---|---|
Application Protocol* | http |
Port* | 80 |
Pathname* | /server-status |
UserAgent* | NOCpulse-ApacheUptime/1.0 |
Username | |
Password | |
Timeout* | 15 |
Critical Maximum Megabytes Transferred Per Child | |
Warning Maximum Megabytes Transferred Per Child | |
Critical Maximum Megabytes Transferred Per Slot | |
Warning Maximum Megabytes Transferred Per Slot |
A.2.2. Apache::Traffic
- Current Requests - The number of requests being processed by the server at probe runtime.
- Request Rate - The accesses to the server per second since the probe last ran.
- Traffic - The kilobytes per second of traffic the server has processed since the probe last ran.
ExtendedStatus
directive in the httpd.conf
file of the Web server must be set to On
for this probe to function properly.
Table A.2. Apache::Traffic settings
Field | Value |
---|---|
Application Protocol* | http |
Port* | 80 |
Pathname* | /server-status |
UserAgent* | NOCpulse-ApacheUptime/1.0 |
Username | |
Password | |
Timeout* | 15 |
Critical Maximum Current Requests (number) | |
Warning Maximum Current Requests (number) | |
Critical Maximum Request Rate (events per second) | |
Warning Maximum Request Rate (events per second) | |
Critical Maximum Traffic (kilobytes per second) | |
Warning Maximum Traffic (kilobytes per second) |
A.2.3. Apache::Uptime
Table A.3. Apache::Uptime settings
Field | Value |
---|---|
Application Protocol* | http |
Port* | 80 |
Pathname* | /server-status |
UserAgent* | NOCpulse-ApacheUptime/1.0 |
Username | |
Password | |
Timeout* | 15 |
A.3. BEA WebLogic 6.x and higher
community_prefix@managed_server_name
in order for the SNMP query to return results for the desired Managed Server. Finally, SNMP must be enabled on each monitored system. SNMP support can be enabled and configured through the WebLogic Console.
A.3.1. BEA WebLogic::Execute Queue
- Idle Execute Threads - The number of execution threads in an idle state.
- Queue Length - The number of requests in the queue.
- Request Rate - The number of requests per second.
Table A.4. BEA WebLogic::Execute Queue settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
Queue Name* | default |
Critical Maximum Idle Execute Threads | |
Warning Maximum Idle Execute Threads | |
Critical Maximum Queue Length | |
Warning Maximum Queue Length | |
Critical Maximum Request Rate | |
Warning Maximum Request Rate |
A.3.2. BEA WebLogic::Heap Free
- Heap Free - The percentage of free heap space.
Table A.5. BEA WebLogic::Heap Free settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
Critical Maximum Heap Free | |
Warning Maximum Heap Free | |
Warning Minimum Heap Free | |
Critical Minimum Heap Free |
A.3.3. BEA WebLogic::JDBC Connection Pool
- Connections - The number of connections to the JDBC.
- Connections Rate - The speed at which connections are made to the JDBC, measured in connections per second.
- Waiters - The number of sessions waiting to connect to the JDBC.
Table A.6. BEA WebLogic::JDBC Connection Pool settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
JDBC Pool Name* | MyJDBC Connection Pool |
Critical Maximum Connections | |
Warning Maximum Connections | |
Critical Maximum Connection Rate | |
Warning Maximum Connection Rate | |
Critical Maximum Waiters | |
Warning Maximum Waiters |
A.3.4. BEA WebLogic::Server State
Table A.7. BEA WebLogic::Server State settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* |
A.3.5. BEA WebLogic::Servlet
- High Execution Time - The highest amount of time in milliseconds that the servlet takes to execute since the system was started.
- Low Execution Time - The lowest amount of time in milliseconds that the servlet takes to execute since the system was started.
- Execution Time Moving Average - A moving average of the execution time.
- Execution Time Average - A standard average of the execution time.
- Reload Rate - The number of times the specified servlet is reloaded per minute.
- Invocation Rate - The number of times the specified servlet is invoked per minute.
Table A.8. BEA WebLogic::Servlet settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 1 |
BEA Domain Admin Server | |
BEA Server Name* | myserver |
Servlet Name* | |
Critical Maximum High Execution Time | |
Warning Maximum High Execution Time | |
Critical Maximum Execution Time Moving Average | |
Warning Maximum Execution Time Moving Average |
A.4. General
A.4.1. General::Remote Program
rhnmd
) must be running on the monitored system to execute this probe.
Table A.9. General::Remote Program settings
Field | Value |
---|---|
Command* | |
OK Exit Status* | 0 |
Warning Exit Status* | 1 |
Critical Exit Status* | 2 |
Timeout | 15 |
A.4.2. General::Remote Program with Data
- <perldata> </perldata>
- <hash> </hash>
- <item key =" "> </item>
STDOUT
:
<perldata> <hash> <item key="data">10</item> <item key="status_message">status message here</item> </hash> </perldata>
data
is the data point to be inserted in the database for time-series trending. The status_message
is optional and can be whatever text string is desired with a maximum length of 1024 bytes. Remote programs that do not include a status_message
still report the value and status returned.
rhnmd
) must be running on the monitored system to execute this probe. XML is case-sensitive. The data
item key name cannot be changed and it must collect a number as its value.
Table A.10. General::Remote Program with Data settings
Field | Value |
---|---|
Command* | |
OK Exit Status* | 0 |
Warning Exit Status* | 1 |
Critical Exit Status* | 2 |
Timeout | 15 |
A.4.3. General::SNMP Check
1.3.6.1.2.1.1.1.0
) and a threshold associated with the return value. It collects the following metric:
- Remote Service Latency - The time it takes in seconds for the SNMP server to answer a connection request.
Table A.11. General::SNMP Check settings
Field | Value |
---|---|
SNMP OID* | |
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 2 |
Timeout* | 15 |
Critical Maximum Value | |
Warning Maximum Value | |
Warning Minimum Value | |
Critical Minimum Value |
A.4.4. General::TCP Check
- Remote Service Latency - The time it takes in seconds for the TCP server to answer a connection request.
Table A.12. General::TCP Check settings
Field | Value |
---|---|
Send | |
Expect | |
Port* | 1 |
Timeout* | 10 |
Critical Maximum Latency | |
Warning Maximum Latency |
A.4.5. General::UDP Check
- Remote Service Latency - The time it takes in seconds for the UDP server to answer a connection request.
Table A.13. General::UDP Check settings
Field | Value |
---|---|
Port* | 1 |
Send | |
Expect | |
Timeout* | 10 |
Critical Maximum Latency | |
Warning Maximum Latency |
A.4.6. General::Uptime (SNMP)
Table A.14. General::Uptime (SNMP) settings
Field | Value |
---|---|
SNMP Community String* | public |
SNMP Port* | 161 |
SNMP Version* | 2 |
Timeout* | 15 |
A.5. Linux
rhnmd
daemon be running on the monitored system.
A.5.1. Linux::CPU Usage
- CPU Percent Used - The five-second average of the percent of CPU usage at probe execution.
rhnmd
) must be running on the monitored system to run this probe.
Table A.15. Linux::CPU Usage settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum CPU Percent Used | |
Warning Maximum CPU Percent Used |
A.5.2. Linux::Disk IO Throughput
- Read Rate - The amount of data that is read in kilobytes per second.
- Write Rate - The amount of data that is written in kilobytes per second.
iostat
on the system to be monitored and see what name has been assigned to the disk you desire. The default value of 0
usually provides statistics from the first hard drive connected directly to the system.
rhnmd
) must be running on the monitored system to execute this probe. Also, the Disk number or disk name parameter must match the format visible when the iostat
command is run. If the format is not identical, the configured probe enters an UNKNOWN state.
Table A.16. Linux::Disk IO Throughput settings
Field | Value |
---|---|
Disk number or disk name* | 0 |
Timeout* | 15 |
Critical Maximum KB read/second | |
Warning Maximum KB read/second | |
Warning Minimum KB read/second | |
Critical Minimum KB read/second | |
Critical Maximum KB written/second | |
Warning Maximum KB written/second | |
Warning Minimum KB written/second | |
Critical Minimum KB written/second |
A.5.3. Linux::Disk Usage
- File System Used - The percentage of the file system currently in use.
- Space Used - The amount of the file system in megabytes currently in use.
- Space Available - The amount of the file system in megabytes currently available.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.17. Linux::Disk Usage settings
Field | Value |
---|---|
File system* | /dev/hda1 |
Timeout* | 15 |
Critical Maximum File System Percent Used | |
Warning Maximum File System Percent Used | |
Critical Maximum Space Used | |
Warning Maximum Space Used | |
Warning Minimum Space Available | |
Critical Minimum Space Available |
A.5.4. Linux::Inodes
- Inodes - The percentage of inodes currently in use.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.18. Linux::Inodes settings
Field | Value |
---|---|
File system* | / |
Timeout* | 15 |
Critical Maximum Inodes Percent Used | |
Warning Maximum Inodes Percent Used |
A.5.5. Linux::Interface Traffic
- Input Rate - The traffic in bytes per second going into the specified interface.
- Output Rate - The traffic in bytes per second going out of the specified interface.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.19. Linux::Interface Traffic settings
Field | Value |
---|---|
Interface* | |
Timeout* | 30 |
Critical Maximum Input Rate | |
Warning Maximum Input Rate | |
Warning Minimum Input Rate | |
Critical Minimum Input Rate | |
Critical Maximum Output Rate | |
Warning Maximum Output Rate | |
Warning Minimum Output Rate | |
Critical Minimum Output Rate |
A.5.6. Linux::Load
- Load - The average load on the system CPU over various periods.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.20. Linux::Load settings
Field | Value |
---|---|
Timeout* | 15 |
Critical CPU Load 1-minute average | |
Warning CPU Load 1-minute average | |
Critical CPU Load 5-minute average | |
Warning CPU Load 5-minute average | |
Critical CPU Load 15-minute average | |
Warning CPU Load 15-minute average |
A.5.7. Linux::Memory Usage
- RAM Free - The amount of free random access memory (RAM) in megabytes on a system.
yes
or no
in the Include reclaimable memory field.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.21. Linux::Memory Usage settings
Field | Value |
---|---|
Include reclaimable memory | no |
Timeout* | 15 |
Warning Maximum RAM Free | |
Critical Maximum RAM Free |
A.5.8. Linux::Process Counts by State
- Blocked - A process that has been switched to the waiting queue and whose state has been switched to
waiting
. - Defunct - A process that has terminated (either because it has been killed by a signal or because it has called
exit()
) and whose parent process has not yet received notification of its termination by executing some form of thewait()
system call. - Stopped - A process that has been stopped before its execution could be completed.
- Sleeping - A process that is in the
Interruptible
sleep state and that can later be reintroduced into memory, resuming execution where it left off.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.22. Linux::Process Counts by State settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum Blocked Processes | |
Warning Maximum Blocked Processes | |
Critical Maximum Defunct Processes | |
Warning Maximum Defunct Processes | |
Critical Maximum Stopped Processes | |
Warning Maximum Stopped Processes | |
Critical Maximum Sleeping Processes | |
Warning Maximum Sleeping Processes | |
Critical Maximum Child Processes | |
Warning Maximum Child Processes |
A.5.9. Linux::Process Count Total
- Process Count - The total number of processes currently running on the system.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.23. Linux::Process Count Total settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum Process Count | |
Warning Maximum Process Count |
A.5.10. Linux::Process Health
- CPU Usage - The CPU usage rate for a given process in milliseconds per second. This metric reports the time column of
ps
output, which is the cumulative CPU time used by the process. This makes the metric independent of probe interval, allows sane thresholds to be set, and generates usable graphs (i.e. a sudden spike in CPU usage shows up as a spike in the graph). - Child Process Groups - The number of child processes spawned from the specified parent process. A child process inherits most of its attributes, such as open files, from its parent.
- Threads - The number of running threads for a given process. A thread is the basic unit of CPU utilization, and consists of a program counter, a register set, and a stack space. A thread is also called a lightweight process.
- Physical Memory Used - The amount of physical memory (or RAM) in kilobytes used by the specified process.
- Virtual Memory Used - The amount of virtual memory in kilobytes used by the specified process, or the size of the process in real memory plus swap.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.24. Linux::Process Health settings
Field | Value |
---|---|
Command Name | |
Process ID (PID) file | |
Timeout* | 15 |
Critical Maximum CPU Usage | |
Warning Maximum CPU Usage | |
Critical Maximum Child Process Groups | |
Warning Maximum Child Process Groups | |
Critical Maximum Threads | |
Warning Maximum Threads | |
Critical Maximum Physical Memory Used | |
Warning Maximum Physical Memory Used | |
Critical Maximum Virtual Memory Used | |
Warning Maximum Virtual Memory Used |
A.5.11. Linux::Process Running
rhnmd
) must be running on the monitored system to execute this probe.
Table A.25. Linux::Process Running settings
Field | Value |
---|---|
Command name | |
PID file | |
Count process groups | (checked) |
Timeout* | 15 |
Critical Maximum Number Running | |
Critical Minimum Number Running |
A.5.12. Linux::Swap Usage
- Swap Free - The percent of swap memory currently free.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.26. Linux::Swap Usage settings
Field | Value |
---|---|
Timeout* | 15 |
Warning Minimum Swap Free | |
Critical Minimum Swap Free |
A.5.13. Linux::TCP Connections by State
- TIME_WAIT - The socket is waiting after close for remote shutdown transmission so it may handle packets still in the network.
- CLOSE_WAIT - The remote side has been shut down and is now waiting for the socket to close.
- FIN_WAIT - The socket is closed, and the connection is now shutting down.
- ESTABLISHED - The socket has a connection established.
- SYN_RCVD - The connection request has been received from the network.
netstat -ant
command to retrieve data. The Local IP address and Local port parameters use values in the Local Address column of the output; the Remote IP address and Remote port parameters use values in the Foreign Address column of the output for reporting.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.27. Linux::TCP Connections by State settings
Field | Value |
---|---|
Local IP address filter pattern list | |
Local port number filter | |
Remote IP address filter pattern list | |
Remote port number filter | |
Timeout* | 15 |
Critical Maximum Total Connections | |
Warning Maximum Total Connections | |
Critical Maximum TIME_WAIT Connections | |
Warning Maximum TIME_WAIT Connections | |
Critical Maximum CLOSE_WAIT Connections | |
Warning Maximum CLOSE_WAIT Connections | |
Critical Maximum FIN_WAIT Connections | |
Warning Maximum FIN_WAIT Connections | |
Critical Maximum ESTABLISHED Connections | |
Warning Maximum ESTABLISHED Connections | |
Critical Maximum SYN_RCVD Connections | |
Warning Maximum SYN_RCVD Connections |
A.5.14. Linux::Users
- Users - The number of users currently logged in.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.28. Linux::Users settings
Field | Value |
---|---|
Timeout* | 15 |
Critical Maximum Users | |
Warning Maximum Users |
A.5.15. Linux::Virtual Memory
- Virtual Memory - The percent of total system memory - random access memory (RAM) plus swap - that is free.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.29. Linux::Virtual Memory settings
Field | Value |
---|---|
Timeout* | 15 |
Warning Minimum Virtual Memory Free | |
Critical Minimum Virtual Memory Free |
A.6. LogAgent
nocpulse
user must be granted read access to your log files.
A.6.1. LogAgent::Log Pattern Match
- Regular Expression Matches - The number of matches that have occurred since the probe last ran.
- Regular Expression Match Rate - The number of matches per minute since the probe last ran.
rhnmd
) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse
user must be granted read access to your log files.
egrep
, which is equivalent to grep -E
and supports extended regular expressions. This is the regular expression set for egrep
:
^ beginning of line $ end of line . match one char * match zero or more chars [] match one character set, e.g. '[Ff]oo' [^] match not in set '[^A-F]oo' + match one or more of preceding chars ? match zero or one of preceding chars | or, e.g. a|b () groups chars, e.g., (foo|bar) or (foo)+
Warning
egrep
to fail silently and the probe to time out.
Table A.30. LogAgent::Log Pattern Match settings
Field | Value |
---|---|
Log file* | /var/log/messages |
Basic regular expression* | |
Timeout* | 45 |
Critical Maximum Matches | |
Warning Maximum Matches | |
Warning Minimum Matches | |
Critical Minimum Matches | |
Critical Maximum Match Rate | |
Warning Maximum Match Rate | |
Warning Minimum Match Rate | |
Critical Maximum Match Rate |
A.6.2. LogAgent::Log Size
- Size - The size the log file has grown in bytes since the probe last ran.
- Output Rate - The number of bytes per minute the log file has grown since the probe last ran.
- Lines - The number of lines written to the log file since the probe last ran.
- Line Rate - The number of lines written per minute to the log file since the probe last ran.
rhnmd
) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse
user must be granted read access to your log files.
Table A.31. LogAgent::Log Size settings
Field | Value |
---|---|
Log file* | /var/log/messages |
Timeout* | 20 |
Critical Maximum Size | |
Warning Maximum Size | |
Warning Minimum Size | |
Critical Minimum Size | |
Critical Maximum Output Rate | |
Warning Maximum Output Rate | |
Warning Minimum Output Rate | |
Critical Minimum Output Rate | |
Critical Maximum Lines | |
Warning Maximum Lines | |
Warning Minimum Lines | |
Critical Minimum Lines | |
Critical Maximum Line Rate | |
Warning Maximum Line Rate | |
Warning Minimum Line Rate | |
Critical Minimum Line Rate |
A.7. MySQL 3.23 - 3.33
mysqladmin
binary. No specific user privileges are needed for these probes.
mysql-server
package must be installed on the system conducting the monitoring for these probes to complete. See the MySQL Installation section of the Red Hat Satellite Installation Guide for instructions.
A.7.1. MySQL::Database Accessibility
Table A.32. MySQL::Database Accessibility settings
Field | Value |
---|---|
Username* | |
Password | |
MySQL Port | 3306 |
Database* | mysql |
Timeout | 15 |
A.7.2. MySQL::Opened Tables
- Opened Tables - The tables that have been opened since the server was started.
Table A.33. MySQL::Opened Tables settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Opened Objects | |
Warning Maximum Opened Objects | |
Warning Minimum Opened Objects | |
Critical Minimum Opened Objects |
A.7.3. MySQL::Open Tables
- Open Tables - The number of tables open when the probe runs.
Table A.34. MySQL::Open Tables settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Open Objects | |
Warning Maximum Open Objects | |
Warning Minimum Open Objects | |
Critical Minimum Open Objects |
A.7.4. MySQL::Query Rate
- Query Rate - The average number of queries per second per database server.
Table A.35. MySQL::Query Rate settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Query Rate | |
Warning Maximum Query Rate | |
Warning Minimum Query Rate | |
Critical Minimum Query Rate |
A.7.5. MySQL::Threads Running
- Threads Running - The total number of running threads within the database.
Table A.36. MySQL::Threads Running settings
Field | Value |
---|---|
Username | |
Password | |
MySQL Port* | 3306 |
Timeout | 15 |
Critical Maximum Threads Running | |
Warning Maximum Threads Running | |
Warning Minimum Threads Running | |
Critical Minimum Threads Running |
A.8. Network Services
A.8.1. Network Services::DNS Lookup
dig
command to see if it can resolve the system or domain name specified in the Host or Address to look up field. It collects the following metric:
- Query Time - The time in milliseconds required to execute the
dig
request.
Table A.37. Network Services::DNS Lookup settings
Field | Value |
---|---|
Host or Address to look up | |
Timeout* | 10 |
Critical Maximum Query Time | |
Warning Maximum Query Time |
A.8.2. Network Services::FTP
- Remote Service Latency - The time it takes in seconds for the FTP server to answer a connection request.
Table A.38. Network Services::FTP settings
Field | Value |
---|---|
Expect | FTP |
Username | |
Password | |
FTP Port* | 21 |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.3. Network Services::IMAP Mail
- Remote Service Latency - The time it takes in seconds for the IMAP server to answer a connection request.
Table A.39. Network Services::IMAP Mail settings
Field | Value |
---|---|
IMAP Port* | 143 |
Expect* | OK |
Timeout* | 5 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.4. Network Services::Mail Transfer (SMTP)
- Remote Service Latency - The time it takes in seconds for the SMTP server to answer a connection request.
Table A.40. Network Services::Mail Transfer (SMTP) settings
Field | Value |
---|---|
SMTP Port* | 25 |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.5. Network Services::Ping
ping
the monitored system or a specified IP address. It also checks the packet loss and compares the round trip average against the Warning and Critical threshold levels. The required Packets to send value allows you to control how many ICMP ECHO packets are sent to the system. This probe collects the following metrics:
- Round-Trip Average - The time it takes in milliseconds for the ICMP ECHO packet to travel to and from the monitored system.
- Packet Loss - The percent of data lost in transit.
ping
from a Red Hat Satellite Server and not the monitored system. Populating the IP Address field does not test connectivity between the system and the specified IP address but between the Red Hat Satellite Server and the IP address. Therefore, entering the same IP address for Ping probes on different systems accomplishes precisely the same task. To conduct a ping
from a monitored system to an individual IP address, use the Remote Ping probe instead. See Section A.8.7, “Network Services::Remote Ping”.
Table A.41. Network Services::Ping settings
Field | Value |
---|---|
IP Address (defaults to system IP) | |
Packets to send* | 20 |
Timeout* | 10 |
Critical Maximum Round-Trip Average | |
Warning Maximum Round-Trip Average | |
Critical Maximum Packet Loss | |
Warning Maximum Packet Loss |
A.8.6. Network Services::POP Mail
- Remote Service Latency - The time it takes in seconds for the POP server to answer a connection request.
+OK
. If the expected string is not found, the probe returns a CRITICAL state.
Table A.42. Network Services::POP Mail settings
Field | Value |
---|---|
Port* | 110 |
Expect* | +OK |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.7. Network Services::Remote Ping
ping
a specified IP address. It also monitors the packet loss and compares the round trip average against the Warning and Critical threshold levels. The required Packets to send value allows you to control how many ICMP ECHO packets are sent to the address. This probe collects the following metrics:
- Round-Trip Average - The time it takes in milliseconds for the ICMP ECHO packet to travel to and from the IP address.
- Packet Loss - The percent of data lost in transit.
rhnmd
) must be running on the monitored system to execute this probe.
Table A.43. Network Services::Remote Ping settings
Field | Value |
---|---|
IP Address* | |
Packets to send* | 20 |
Timeout* | 10 |
Critical Maximum Round-Trip Average | |
Warning Maximum Round-Trip Average | |
Critical Maximum Packet Loss | |
Warning Maximum Packet Loss |
A.8.8. Network Services::RPCService
- Remote Service Latency - The time it takes in seconds for the RPC server to answer a connection request.
Table A.44. Network Services::RPCService settings
Field | Value |
---|---|
Protocol (TCP/UDP) | udp |
Service Name* | nfs |
Timeout* | 10 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.9. Network Services::Secure Web Server (HTTPS)
- Remote Service Latency - The time it takes in seconds for the HTTPS server to answer a connection request.
Table A.45. Network Services::Secure Web Server (HTTPS) settings
Field | Value |
---|---|
URL Path | / |
Expect Header | HTTP/1 |
Expect Content | |
UserAgent* | NOCpulse-check_http/1.0 |
Username | |
Password | |
Timeout* | 10 |
HTTPS Port* | 443 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.10. Network Services::SSH
- Remote Service Latency - The time it takes in seconds for the SSH server to answer a connection request.
Table A.46. Network Services::SSH settings
Field | Value |
---|---|
SSH Port* | 22 |
Timeout* | 5 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.8.11. Network Services::Web Server (HTTP)
- Remote Service Latency - The time it takes in seconds for the HTTP server to answer a connection request.
Table A.47. Network Services::Web Server (HTTP) settings
Field | Value |
---|---|
URL Path | / |
Virtual Host | |
Expect Header | HTTP/1 |
Expect Content | |
UserAgent* | NOCpulse-check_http/1.0 |
Username | |
Password | |
Timeout* | 10 |
HTTP Port* | 80 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.9. Oracle 8i, 9i, 10g, and 11g
$ORACLE_HOME/rdbms/admin/catalog.sql
A.9.1. Oracle::Active Sessions
- Active Sessions - The number of active sessions based on the value of
V$PARAMETER.PROCESSES
. - Available Sessions - The percentage of active sessions that are available based on the value of
V$PARAMETER.PROCESSES
.
Table A.48. Oracle::Active Sessions settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Active Sessions | |
Warning Maximum Active Sessions | |
Critical Maximum Available Sessions Used | |
Warning Maximum Available Sessions Used |
A.9.2. Oracle::Availability
Table A.49. Oracle::Availability settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
A.9.3. Oracle::Blocking Sessions
- Blocking Sessions - The number of sessions preventing other sessions from committing changes to the Oracle database, as determined by the required Time Blocking value you provide. Only those sessions that have been blocking for this duration, which is measured in seconds, are counted as blocking sessions.
Table A.50. Oracle::Blocking Sessions settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Time Blocking (seconds)* | 20 |
Timeout* | 30 |
Critical Maximum Blocking Sessions | |
Warning Maximum Blocking Sessions |
A.9.4. Oracle::Buffer Cache
- Db Block Gets - The number of blocks accessed via single block gets (not through the consistent get mechanism).
- Consistent Gets - The number of accesses made to the block buffer to retrieve data in a consistent mode.
- Physical Reads - The cumulative number of blocks read from disk.
- Buffer Cache Hit Ratio - The rate at which the database goes to the buffer instead of the hard disk to retrieve data. A low ratio suggests more RAM should be added to the system.
Table A.51. Oracle::Buffer Cache settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port | 1521 |
Timeout* | 30 |
Warning Minimum Buffer Cache Hit Ratio | |
Critical Minimum Buffer Cache Hit Ratio |
A.9.5. Oracle::Client Connectivity
rhnmd
connection to the system and issues a sqlplus connect
command on the monitored system.
V$DATABASE.NAME
. This value is case-insensitive. A CRITICAL status is returned if this value is not found.
rhnmd
) must be running on the monitored system to execute this probe. For this probe to run, the nocpulse
user must be granted read access to your log files.
Table A.52. Oracle::Client Connectivity settings
Field | Value |
---|---|
Oracle Hostname or IP address* | |
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
ORACLE_HOME* | /opt/oracle |
Expected DB Name* | |
Timeout* | 30 |
A.9.6. Oracle::Data Dictionary Cache
init.ora
. It collects the following metrics:
- Data Dictionary Hit Ratio - The ratio of cache hits to cache lookup attempts in the data dictionary cache. In other words, the rate at which the database goes to the dictionary instead of the hard disk to retrieve data. A low ratio suggests more RAM should be added to the system.
- Gets - The number of blocks accessed via single block gets (not through the consistent get mechanism).
- Cache Misses - The number of accesses made to the block buffer to retrieve data in a consistent mode.
Table A.53. Oracle::Data Dictionary Cache settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Warning Minimum Data Dictionary Hit Ratio | |
Critical Minimum Data Dictionary Hit Ratio |
A.9.7. Oracle::Disk Sort Ratio
- Disk Sort Ratio - The rate of Oracle sorts that were too large to be completed in memory and were instead sorted using a temporary segment.
Table A.54. Oracle::Disk Sort Ratio settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Disk Sort Ratio | |
Warning Maximum Disk Sort Ratio |
A.9.8. Oracle::Idle Sessions
- Idle Sessions - The number of Oracle sessions that are idle, as determined by the required Time Idle value you provide. Only those sessions that have been idle for this duration, which is measured in seconds, are counted as idle sessions.
Table A.55. Oracle::Idle Sessions settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Time Idle (seconds)* | 20 |
Timeout* | 30 |
Critical Maximum Idle Sessions | |
Warning Maximum Idle Sessions |
A.9.9. Oracle::Index Extents
- Allocated Extents - The number of allocated extents for any index.
- Available Extents - The percentage of available extents for any index.
%
that matches any index name.
Table A.56. Oracle::Index Extents settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Index Owner* | % |
Index Name* | % |
Timeout* | 30 |
Critical Maximum of Allocated Extents | |
Warning Maximum of Allocated Extents | |
Critical Maximum of Available Extents | |
Warning Maximum of Available Extents |
A.9.10. Oracle::Library Cache
init.ora
. It collects the following metrics:
- Library Cache Miss Ratio - The rate at which a library cache pin miss occurs. This happens when a session executes a statement that it has already parsed but finds that the statement is no longer in the shared pool.
- Executions - The number of times a pin was requested for objects of this namespace.
- Cache Misses - The number of pins that must now retrieve the object of the disk. These pins are made up of objects with previous pins from the time the object handle was created.
Table A.57. Oracle::Library Cache settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Library Cache Miss Ratio | |
Warning Maximum Library Cache Miss Ratio |
A.9.11. Oracle::Locks
- Active Locks - The current number of active locks as determined by the value in the v$locks table. Database administrators should be aware of high numbers of locks present in a database instance.
Table A.58. Oracle::Locks settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Active Locks | |
Warning Maximum Active Locks |
A.9.12. Oracle::Redo Log
- Redo Log Space Request Rate - The average number of redo log space requests per minute since the server has been started.
- Redo Buffer Allocation Retry Rate - The average number of buffer allocation retries per minute since the server was started.
Table A.59. Oracle::Redo Log settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Timeout* | 30 |
Critical Maximum Redo Log Space Request Rate | |
Warning Maximum Redo Log Space Request Rate | |
Critical Maximum Redo Buffer Allocation Retry Rate | |
Warning Maximum Redo Buffer Allocation Retry Rate |
A.9.13. Oracle::Table Extents
- Allocated Extents-Any Table - The total number of extents for any table.
- Available Extents-Any Table - The percentage of available extents for any table.
%
that matches any table owner or name.
Table A.60. Oracle::Table Extents settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Table Owner* | % |
Table Name* | % |
Timeout* | 30 |
Critical Maximum Allocated Extents | |
Warning Maximum Allocated Extents | |
Critical Maximum Available Extents | |
Warning Maximum Available Extents |
A.9.14. Oracle::Tablespace Usage
- Available Space Used - The percentage of available space in each tablespace that has been used.
%
that matches any table name.
Table A.61. Oracle::Tablespace Usage settings
Field | Value |
---|---|
Oracle SID* | |
Oracle Username* | |
Oracle Password* | |
Oracle Port* | 1521 |
Tablespace Name* | % |
Timeout* | 30 |
Critical Maximum Available Space Used | |
Warning Maximum Available Space Used |
A.9.15. Oracle::TNS Ping
- Remote Service Latency - The time it takes in seconds for the Oracle server to answer a connection request.
Table A.62. Oracle::TNS Ping settings
Field | Value |
---|---|
TNS Listener Port* | 1521 |
Timeout* | 15 |
Critical Maximum Remote Service Latency | |
Warning Maximum Remote Service Latency |
A.10. Red Hat Satellite
A.10.1. Red Hat Satellite::Disk Space
- File System Used - The percent of the current file system now in use.
- Space Used - The file size used by the current file system.
- Space Available - The file size available to the current file system.
Table A.63. Red Hat Satellite::Disk Space settings
Field | Value |
---|---|
Device Pathname* | /dev/hda1 |
Critical Maximum File System Used | |
Warning Maximum File System Used | |
Critical Maximum Space Used | |
Warning Maximum Space Used | |
Critical Maximum Space Available | |
Warning Maximum Space Available |
A.10.2. Red Hat Satellite::Execution Time
- Probe Execution Time Average - The seconds required to fully execute a probe.
Table A.64. Red Hat Satellite::Execution Time settings
Field | Value |
---|---|
Critical Maximum Probe Execution Time Average | |
Warning Maximum Probe Execution Time Average |
A.10.3. Red Hat Satellite::Interface Traffic
- Input Rate - The amount of traffic in bytes per second the device receives.
- Output Rate - The amount of traffic in bytes per second the device sends.
Table A.65. Red Hat Satellite::Interface Traffic settings
Field | Value |
---|---|
Interface* | eth0 |
Timeout (seconds)* | 30 |
Critical Maximum Input Rate | |
Critical Maximum Output Rate |
A.10.4. Red Hat Satellite::Latency
- Probe Latency Average - The lag in seconds between the time a probe becomes ready to run and the time it is actually run. Under normal conditions, this is generally less than a second. When a Satellite is overloaded (because it has too many probes with respect to their average execution time), the number goes up.
Table A.66. Red Hat Satellite::Latency settings
Field | Value |
---|---|
Critical Maximum Probe Latency Average | |
Warning Maximum Probe Latency Average |
A.10.5. Red Hat Satellite::Load
- Load - The load average on the CPU for a 1-, 5-, and 15-minute period.
Table A.67. Red Hat Satellite::Load settings
Field | Value |
---|---|
Critical Maximum 1-minute Average | |
Warning Maximum 1-minute Average | |
Critical Maximum 5-minute Average | |
Warning Maximum 5-minute Average | |
Critical Maximum 15-minute Average | |
Warning Maximum 15-minute Average |
A.10.6. Red Hat Satellite::Probe Count
- Probes - The number of individual probes running on a Satellite.
Table A.68. Red Hat Satellite::Probe Count settings
Field | Value |
---|---|
Critical Maximum Probe Count | |
Warning Maximum Probe Count |
A.10.7. Red Hat Satellite::Process Counts
- Blocked - The number of processes that have been switched to the waiting queue and waiting state.
- Child - The number of processes spawned by another process already running on the machine.
- Defunct - The number of processes that have terminated (either because they have been killed by a signal or have called
exit()
) and whose parent processes have not yet received notification of their termination by executing some form of thewait()
system call. - Stopped - The number of processes that have stopped before their executions could be completed.
- Sleeping - A process that is in the
Interruptible
sleep state and that can later be reintroduced into memory, resuming execution where it left off.
Table A.69. Red Hat Satellite::Process Counts settings
Field | Value |
---|---|
Critical Maximum Blocked Processes | |
Warning Maximum Blocked Processes | |
Critical Maximum Child Processes | |
Warning Maximum Child Processes | |
Critical Maximum Defunct Processes | |
Warning Maximum Defunct Processes | |
Critical Maximum Stopped Processes | |
Warning Maximum Stopped Processes | |
Critical Maximum Sleeping Processes | |
Warning Maximum Sleeping Processes |
A.10.8. Red Hat Satellite::Processes
- Processes - The number of processes running simultaneously on the machine.
Table A.70. Red Hat Satellite::Processes settings
Field | Value |
---|---|
Critical Maximum Processes | |
Warning Maximum Processes |
A.10.9. Red Hat Satellite::Process Health
- CPU Usage - The CPU usage percent for a given process.
- Child Process Groups - The number of child processes spawned from the specified parent process. A child process inherits most of its attributes, such as open files, from its parent.
- Threads - The number of running threads for a given process. A thread is the basic unit of CPU utilization, and consists of a program counter, a register set, and a stack space. A thread is also called a lightweight process.
- Physical Memory Used - The amount of physical memory in kilobytes being used by the specified process.
- Virtual Memory Used - The amount of virtual memory in kilobytes being used by the specified process, or the size of the process in real memory plus swap.
Table A.71. Red Hat Satellite::Process Health settings
Field | Value |
---|---|
Command Name | |
Process ID (PID) file | |
Timeout* | 15 |
Critical Maximum CPU Usage | |
Warning Maximum CPU Usage | |
Critical Maximum Child Process Groups | |
Warning Maximum Child Process Groups | |
Critical Maximum Threads | |
Warning Maximum Threads | |
Critical Maximum Physical Memory Used | |
Warning Maximum Physical Memory Used | |
Critical Maximum Virtual Memory Used | |
Warning Maximum Virtual Memory Used |
A.10.10. Red Hat Satellite::Process Running
Table A.72. Red Hat Satellite::Process Running settings
Field | Value |
---|---|
Command Name | |
Process ID (PID) file | |
Critical Number Running Maximum | |
Critical Number Running Minimum |
A.10.11. Red Hat Satellite::Swap
Table A.73. Red Hat Satellite::Swap settings
Field | Value |
---|---|
Critical Minimum Swap Percent Free | |
Warning Minimum Swap Percent Free |
A.10.12. Red Hat Satellite::Users
Table A.74. Red Hat Satellite::Users settings
Field | Value |
---|---|
Critical Maximum Users | |
Warning Maximum Users |
Appendix B. Revision History
Revision History | ||||||||
---|---|---|---|---|---|---|---|---|
Revision 4-33.401 | Thu Aug 20 2015 | Dan Macpherson | ||||||
| ||||||||
Revision 4-33.400 | 2013-10-31 | Rüdiger Landmann | ||||||
| ||||||||
Revision 4-33 | Fri Sep 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-32 | Thu Aug 29 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-31 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-30 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-29 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-28 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-27 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-26 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-25 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-24 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-23 | Tue Aug 27 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-22 | Thu Aug 15 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-21 | Sun Jul 28 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-20 | Wed Jul 24 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-19 | Tue Jul 23 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-18 | Thu Jul 12 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-17 | Thu Jul 12 2013 | Dan Macpherson | ||||||
| ||||||||
Revision 4-16 | Thu Jul 11 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-15 | Fri Jul 5 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-14 | Fri Jul 5 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-13 | Fri June 28 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-12 | Tue June 4 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-11 | Fri May 17 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-10 | Thu Apr 25 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-9 | Thu Feb 28 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-8 | Wed Jan 2 2013 | Athene Chan | ||||||
| ||||||||
Revision 4-7 | Wed Sept 19 2012 | Dan Macpherson | ||||||
| ||||||||
Revision 4-6 | Thu Aug 16 2012 | Athene Chan | ||||||
| ||||||||
Revision 4-5 | Thu Aug 16 2012 | Athene Chan | ||||||
| ||||||||
Revision 4-4 | Wed Aug 15 2012 | Athene Chan | ||||||
| ||||||||
Revision 4-3 | Thu Aug 9 2012 | Athene Chan | ||||||
| ||||||||
Revision 3-2 | Fri Aug 3 2012 | Athene Chan | ||||||
| ||||||||
Revision 3-1 | Tue Jun 17 2012 | Athene Chan | ||||||
| ||||||||
Revision 3-0 | Thurs May 24 2012 | Athene Chan | ||||||
| ||||||||
Revision 2-6 | Mon Jan 9 2012 | Lana Brindley | ||||||
| ||||||||
Revision 2-5 | Wed Jan 4 2012 | Lana Brindley | ||||||
| ||||||||
Revision 2-4 | Fri Sep 23 2011 | Lana Brindley | ||||||
| ||||||||
Revision 2-3 | Mon Aug 15 2011 | Lana Brindley | ||||||
| ||||||||
Revision 2-2 | Wed Jun 15 2011 | Lana Brindley | ||||||
| ||||||||
Revision 2-1 | Fri May 27 2011 | Lana Brindley | ||||||
| ||||||||
Revision 2-0 | Fri May 6 2011 | Lana Brindley | ||||||
| ||||||||
Revision 1-29 | Fri March 25 2011 | Lana Brindley | ||||||
| ||||||||
Revision 1-28 | Thu March 24 2011 | Lana Brindley | ||||||
| ||||||||
Revision 1-27 | Mon Feb 14 2011 | Lana Brindley | ||||||
| ||||||||
Revision 1-26 | Wed Feb 9 2011 | Lana Brindley | ||||||
| ||||||||
Revision 1-25 | Mon Jan 31 2011 | Lana Brindley | ||||||
|